Privacy Policy

This Privacy Policy explains what we do with your personal data. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations. This Privacy Policy applies to the personal data of investors, directors (or, to the extent relevant, employees, officers or similar), agents, service providers, website users, and other people whose personal data we may process.

For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR“), the company responsible for the personal data you provide to us is Biopharma Credit plc of 51 New North Road, Exeter, United Kingdom, EX4 4EP (the “Company“, “we“, “us” or “our“).

It is important to point out that we may amend this Privacy Policy from time to time. Please visit this page if you want to stay up to date, as we will post any changes here. If you are dissatisfied with any aspect of our Privacy Policy, you may have legal rights. We have described these in the document as well where relevant.

How do we collect personal data?

We collect personal data in a number of ways. This will usually be collected by service providers to the Company, such as the registrar or receiving agent, for example when you become a shareholder in the Company or where you provide personal data on request from us. We may also receive personal data when you contact us or the company secretary, registrar or administrator (or other service provider) directly by phone, email or by other means. Personal data may also be provided to us by service providers for the purposes of marketing to investors.

What personal data do we collect?

We describe below the types of personal data we may collect:
We may collect personal data including your name, address, e-mail address, phone number, job title and identification documents, or any other information which you provide to us.

How do we use personal data?

We, or service providers acting on our behalf, use personal data in the following ways:

  • If you are shareholder we use your personal information in the following ways:
  • to comply with legal and/or regulatory requirements;
  • to carry out anti-money laundering and “Know Your Customer” checks in accordance with our legal and regulatory obligations;
  • storing your details (and updating them when necessary) on the shareholder register;
  • contacting you in relation to your shareholding;
  • where you are a current or former shareholder, contacting you by email or telephone to offer you shares in the Company or send you literature relating to the Company; and
  • keeping records of conversations and correspondence.

We may use your personal data for such purposes if we deem this to be necessary for our legitimate interests provided these interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned.
If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in this policy.

  • If you are a prospective shareholder we use your personal information in the following ways:
  • to carry out anti-money laundering and “Know Your Customer” checks in accordance with our legal and regulatory obligations; and
  • keeping records of conversations and correspondence.

We may use your personal data for such purposes if we deem this to be necessary for our legitimate interests provided these interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned.
If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in this policy.

  • For legal reasons: In some circumstances, we may use your personal data to help us to establish, exercise or defend legal claims.
  • Service provider data: We will use information about individuals at our service providers in the following ways:
  • to store (and update when necessary) details, either ourselves or at another service provider, so that we can contact individuals in relation to our agreements with service providers;
  • to obtain support and services from the service providers; and
  • facilitating our invoicing processes.

We may use personal data from our service providers for such purposes if we deem this to be necessary for our legitimate interests provided these interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned.

  • Directors’ data: We will use information about our directors in the following ways:
  • to comply with legal and/or regulatory requirements;
  • contacting them in relation to their directorships; and
  • keeping records of conversations and correspondence.

We may use personal data from our directors for such purposes if we deem this to be necessary for our legitimate interests provided these interests are not overridden by the interests or fundamental rights or freedoms of the individuals concerned.

We, or our service providers on our behalf, may provide personal data to our other service providers, provided that the data is used for the purposes described above. We may also share personal data with our group companies/undertakings, but again, only for the purposes described above.

How do we store and transfer your data internationally?

In order to carry out the activities described in this Privacy Policy, your data may be transferred between and within entities within our corporate group, to third parties (such as regulatory authorities, advisers or other service providers to the Company (or their group companies)), to a cloud-based storage provider, and to other third parties, as referred to here.

We want to make sure that your data are stored and transferred in a way that is secure. We will therefore only transfer data outside of the European Economic Area (“EEA”) (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

  • by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; or
  • in the case of transfer to the US, the transfer is made to an entity certified under the EU – US Privacy Shield; or
  • transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
  • where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests; or
  • where you have consented to the data transfer.

To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.

How do we keep personal data secure?

We are committed to taking all reasonable and appropriate steps to protect the personal data that we (or third parties on our behalf) hold from misuse, loss, or unauthorised access. We do this by having in place a range of contractual standards (relating to, amongst other matters, appropriate technical and organisational measures) in agreements with our service providers. These include measures to deal with any suspected data breach. If you suspect any misuse or loss of or unauthorised access to your personal data please let us know immediately. Details of how to contact us can be found below.

How long do we keep personal data?

We, or our service providers on our behalf, will ordinarily process your data throughout the course of our interactions and will then generally retain it for an appropriate period afterwards. The precise length of time will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain it for certain minimum periods. In other instances, there may be legal, regulatory or risk-management reasons for retaining data, including where certain data might be relevant to any potential litigation (bearing in mind relevant limitation periods).

In determining the appropriate retention period for different types of personal data, we always consider the amount, nature and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition to ensuring that we comply with our legal, regulatory and risk-management obligations, as described above).

Once we have determined that we no longer need to hold your personal data, we will delete it from our systems.

Your legal rights in respect of your personal data

You have the right to ask for a copy of the personal data which we, or service providers on our behalf, hold about you, subject to certain exceptions. If any of the personal data which we hold about you is incorrect or out of date, please let us know and we will correct it.

You have the right to object to the processing of your personal data if it is being used because we deem it necessary for our legitimate interests. Where we have obtained your consent to process personal data for certain activities, you may withdraw this consent at any time and we will cease to carry out that particular activity unless we consider there to be an alternative reason to justify our continuing to do so, in which case we will inform you of the reason.

From 25 May 2018, you also have the right to erase any personal data we hold about you and/or request that it be transferred to another data controller (again, subject to certain exceptions).

Please note that if you exercise any of the rights listed above, we may no longer have the personal data (e.g. contact details, financial information, etc.) necessary to comply with our obligations to you following such request.

Contacting us

If you would like to exercise any of your rights, or learn more about your rights, please contact biopharmacreditplc@linkgroup.co.uk.

You also have the right to lodge a complaint with a data protection supervisory authority, including in the EU member state of your residence, your place of work or the place of the alleged infringement. The UK regulator for data protection is the Information Commissioner and its contact details are: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; telephone: 0303 123 1113; email: casework@ico.org.uk.