This policy applies in particular to personal data we collect when you use this website (https://astx.com/) and otherwise interact with us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
- ABOUT US AND HOW THIS POLICY APPLIES TO OUR COMPANIES
1.1 Astex Pharmaceuticals refers to the two affiliated companies Astex Pharmaceuticals, Inc., based in Pleasanton, California, USA, and Astex Therapeutics Limited, based in Cambridge, UK.
1.2 This website and other dealings with us may be subject to different privacy laws depending on the Astex company involved, and where you are located. For the purpose of data protection laws, the Astex company that will be the “data controller” of your personal data will be the Astex company for whom you are working or have a business relationship. In the case of any personal data supplied by you through the recruitment portal on the website, the US Astex company shall be the “data controller” in respect of that personal data.
- WHAT INFORMATION WE COLLECT AND HOW WE WILL USE IT
2.1 We collect personal data so that we can operate effectively and provide you with the best possible service. The information we collect depends on the context of your interactions with us, with our website and how you use our products and services. It also depends on the choices you make, for example the functions you use and your privacy settings. You may choose not to provide certain information but if you do, and that information is necessary to provide a particular feature or service, then you may not be able to use that feature.
2.2 The table below summarises what information we collect about you, explains how we intend to use it and what our legal basis is for using it.
|Personal data collected
||Source of personal data
||Reason for processing
||Lawful basis for processing
|Name, contact details, job title, areas of interest and other biographic details
||Collected from you through our website or correspondence with Astex personnel.
||To offer or provide products and services to you and/or your business and/or to discuss future collaboration or other opportunities with Astex.
||To pursue our legitimate business interests and, subject to any necessary consent, to market our products and services to you.
|Name, contact details, job title, areas of interest and other biographic details including details of patents and your contribution to our work or the work of others in relevant fields
||Collected from you, identified from public registers, documented in internal or collaboration work.
||To undertake our own R&D activities, to maintain awareness of the activities of others in the fields in which we operate and/or to discuss future collaboration or other opportunities with Astex.
||To pursue our legitimate business interests, in particular our R&D activities, and in connection with actual or potential future legal claims.
|Device and usage data including IP addresses and device identifiers
Device event information including crash logs, hardware settings, browser type and browser language
|Automatically collected and stored in our server logs when you interact with our website.
||To improve the user experience of our website, including to offer you tailored content, and to protect the security of our website.
||To pursue our legitimate interests, in particular to understand how our website is used, to improve the user experience of our website, and to maintain the security of our website.
|Cookies and similar technologies
||When you visit our website, automated collection tools such as “cookies” gather information about your visit and your computer. Cookies are small text files that are stored on your hard drive through the local browser cache.
||To customise content on our websites, facilitate access to our websites, and recognise a computer or device that has visited the website before.
We also combine information about visitors to our website to produce anonymous, aggregated statistical information that helps us understand the frequency of visits to our site, the pages visited, and the features clicked.
|To pursue our legitimate business interests and, in respect of any personal data, subject to any necessary consent.
|Name, contact details, vehicle registration details, entry and exit times, CCTV images, special needs/requests data
||Collected from you when visiting our premises and/or from our own systems and processes.
||To assist us with keeping our site secure and complying with our health and safety obligations and to assist with any accommodations or requests made of us.
||To pursue our legitimate interests in relation to site security, to comply with legal obligations and to prevent crime.
|Name, contact details, job title, areas of expertise, products and services offered, payment information, credit/other references, correspondence and associated records.
||Collected from you or received from relevant third parties.
||In order for us to enter into contracts for you or us to supply goods and/or services, and if you would like to work with us.
||To pursue our legitimate business interests and (as applicable) to comply with our legal obligations and/or to perform our contractual obligations and/or to take steps in advance of entry into a contract.
|Personal data associated with contracts
||Present on the contract documents themselves and/or associated documents.
||Any purpose necessary in connection with performance of the contract and, as necessary, holding the contract and associated documents in archive.
||As applicable: in relation to our performance of our contractual obligations and securing the benefit(s) of any contracts to which we are party; the establishment, exercise and defence of legal claims; and in connection with our legitimate business activities.
|Personal data associated with patents, lab books, other R&D data and documents and any associated correspondence
||Collected from the individual, provided by third parties and/or generated by Astex.
||In connection with our R&D, commercial and intellectual property strategies and possible/actual legal claims.
||To pursue our legitimate business interests and/or in connection with the establishment, exercise and defence of legal claims.
Some of the reasons for processing set out in the table above will overlap and there may be more than one legal basis for our use of your personal data.
2.3 When you visit any website, including ours, your browser automatically sends certain information that does not personally identify you. This includes information such as browser type, language preference, operating system, internet service provider (ISP), IP address, device identification number, geo-location data, and online browsing data (like date and time of access to our website, referring website address, pages viewed, features used, links clicked, and other actions you take in connection with the website, sometimes referred to as “clickstream data”).
2.4 We use website cookies for the following purposes:
(a) For website functionality – these cookies facilitate technical aspects or special features on our site. They also help us manage your consent to setting cookies. Upon your first access to our website, a banner will appear, asking you to give us your consent to the setting of cookies. If your consent is given, we will place a cookie on your computer and the banner will not appear again as long as your cookie is active. After expiration of the cookie’s lifespan, or if you actively delete the cookie, the banner will reappear upon your next visit to our website and again ask for your consent.
(b) For website performance – These cookies collect information about how you use our websites. Information collected includes, for example, the Internet browsers and number of visits, average duration of visit, and pages viewed. These cookies do not collect information that personally identifies you and only collect aggregated and anonymous information. We use Google Analytics. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
2.5 The help portion of the toolbar on most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to delete existing cookies. Note that if you choose to disable cookies, it is possible that some of our websites’ features may not function properly. Some browsers have “do not track” features that allow you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals.
2.6 We collect personal information with respect to our US recruitment activities. The information we collect depends on how you interact with us. We will use the personal information that you provide or that we collect in this context only for recruiting purposes.
- CHANGE OF PURPOSE
3.1 We will only use your personal data for the purposes for which we collected it, unless we may use it for another reason which is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- SHARING YOUR INFORMATION
4.1 We may share your personal data with selected third-party service providers and other companies within our group that support us in the performance of the activities set out in the table above. We may also share your personal data where it is necessary in order to provide you with services or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights. For example, to protect our customers or to operate and to maintain the security of our computer systems.
4.2 Alternatively, we may share your personal data with third parties where required by law, for example, in response to a court order, subpoena, search warrant, to comply with state or federal law, or in compliance with a legal requirement imposed by the U.S. Food and Drug Administration or other pharmaceutical regulatory authority in relation to information you provide to us regarding your experience with one of our products (which may include personally identifiable and non-personally identifiable information). We also reserve the right to cooperate with law enforcement authorities and provide information in the context of investigating and prosecuting breaches of obligations owed to us or users who engage in behaviour that is illegal or harmful to other site users.
4.3 We may transfer your personal data outside the European Economic Area (EEA) including to our group companies in Japan, in the USA and other jurisdictions in connection with our operations and as necessary for the performance of any contract that we may have with you. Astex employees may also access personal data from outside the EEA using our IT systems. If we do so we will take all steps reasonably necessary to ensure that your personal data receives an adequate level of protection and is treated in a way that is consistent with EU and UK laws on data protection.
4.4 We may also share your personal data with other third parties, for example with service providers (such as payment services providers, credit reference agencies, IT solution providers and any of our suppliers and sub-contractors who process data on our behalf in order to assist us with our business activities) or in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or otherwise to comply with the law.
4.5 We require all our third-party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
- STORING YOUR INFORMATION
5.1 Astex routinely processes and stores the personal data that it holds within the EEA.
5.2 Some of our third-party service providers may host or otherwise process personal data on Astex’s behalf outside the EEA. In addition to the controls in relation to sharing your information (please see above), we will ensure that any such data sharing is either: (i) to a country for which the European Commission has issued an adequacy decision confirming that the country offers an appropriate level of personal data protection; or (ii) is otherwise subject to appropriate controls such as the Standard Contractual Clauses adopted by the EU Commission.
5.3 We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting obligations, and in accordance with our internal records retention and management policies.
- NOTICE TO CALIFORNIA RESIDENTS
6.1 If you reside in California, you have the right to ask us one time each year if we have shared your personal information with third parties for their direct marketing purposes. To make a request, please send us an email (at the US address provided in paragraph 13 below). Indicate in your email that you are a California resident making a “Shine the Light” inquiry.
- CHILDREN’S INFORMATION
7.1 We do not knowingly collect information from children under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us (see contact details below in paragraph 13).
7.2 If we learn that an under-13 user has volunteered personally identifiable information on the site, we will delete such information from our active databases.
- KEEPING YOUR INFORMATION SECURE
8.1 All information that you provide to us is stored on secure servers.
8.2 The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the information transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access or inadvertent disclosure.
- YOUR RIGHTS
9.1 As a data subject, you have the legal right to:
(a) Request access to your personal data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. We will need to verify your identity before we release any personal data to you.
(b) Request correction or erasure of your personal data (unless we have the legal right to retain it). This right also applies where you have exercised your right to object to processing (see below).
(c) Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which entitles you to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
(d) Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
(e) Request the transfer of your personal data to another party.
(f) Change your data processing consents and preferences at any time.
9.2 You should be aware that if you ask us to stop processing your personal data in a certain way or to erase your personal data, and processing that data is necessary in order for us to provide services to you, then we may be unable to provide those services. Similarly, your preferences and choices in relation to our website may mean that some or all of the website functionality becomes unavailable to you. This does not affect your right to object to direct marketing, which can be exercised at any time without restriction.
9.3 If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us (see contact details in paragraph 13).
9.4 You will not normally have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
9.5 We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
9.6 In the limited circumstances where our collection, processing and transfer of your personal data is based upon consent, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us (see contact details in paragraph 13), and once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
10.1 We would like to send you information by email about us and other companies in our group which may be of interest to you (including, for example press releases).
10.2 You have the right at any time to stop us from contacting you for marketing purposes or giving your information to other members of our group. If you no longer wish to be contacted for marketing purposes, you can unsubscribe by using the “unsubscribe” link at the bottom of our marketing messages.
- OTHER WEBSITES
- HOW TO CONTACT US AND COMPLAINTS
13.1 The UK company, Astex Therapeutics Limited, is registered with the Information Commissioner’s Office under registration number Z7540547.
13.3 Our contact details are:
|Astex Pharmaceuticals, Inc.
4420 Rosewood Drive, Suite 200
Email – dataprivacyUS@astx.com
|Astex Therapeutics Limited
436 Cambridge Science Park
Cambridge CB4 0QA
Email – dataprivacyUK@astx.com
Updated: September 2018