Privacy Policy
This privacy policy explains what we do with your personal data
This Privacy Policy explains what we do with your personal data. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations. This Privacy Policy applies to the personal data of investors, directors (or, to the extent relevant, employees, officers or similar), agents, service providers, website users, and other people whose personal data we may process.
Applicable data protection legislation includes, but is not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679) (the “EU GDPR”), which forms part of the laws of the UK by virtue of Section 3 of the European Union (Withdrawal) Act 2018 and other related UK legislation (“UK GDPR”). The company responsible for the personal data you provide to us is Biopharma Credit plc of 51 New North Road, Exeter, United Kingdom, EX4 4EP (the “Company”, “we”, “us” or “our”).
It is important to point out that we may amend this Privacy Policy from time to time. Please visit this page if you want to stay up to date, as we will post any changes here. This Privacy Policy replaces and supersedes any previous policies addressing the same or similar issues, whether formal or informal. If you are dissatisfied with any aspect of our Privacy Policy, you may have legal rights. We have described these in the document as well where relevant.
How do we collect personal data?
We collect personal data in a number of ways. This will usually be collected by service providers to BioPharma Credit plc, such as the registrar or receiving agent, for example when you become a shareholder in BioPharma Credit plc or where you provide personal data on request from us. We may also receive personal data when you contact us or the company secretary, registrar or administrator (or other service provider) directly by phone, email or by other means. Personal data may also be provided to us by service providers for the purposes of marketing to investors.
What personal data do we collect?
We describe below the types of personal data we may collect:
We may collect and process personal data including your name, address, e-mail address, phone number, job title and identification documents, financial information and any other information which you provide to us.
How do we use personal data?
We, or service providers acting on our behalf, use personal data in the ways outlined in the tables below. If you are not happy about this, in certain circumstances you have the right to object and can find out more about how and when to do this in this policy.
Shareholders
| Why and how we process your information | Types of personal data used | Legal basis relied upon |
|---|---|---|
| To comply with legal and/or regulatory requirements, including carrying out anti-money laundering and “Know Your Customer” checks. | • Names • Address • Phone Number • Job Title • Identification Documents • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • ensure compliance with our policies; • safeguard our interests; and • verify the identity of our shareholders. |
| To store your details (and update them when necessary) on the shareholder register. | • Names • Address • Phone Number • Job Title • Identification Documents • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • ensure that that we fulfil our legal and regulatory obligations; and • ensure that our shareholder register is adequately maintained. |
| To contact you in relation to your shareholding. | • Names • Address • Phone Number • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • manage and maintain our relationship with you; and • ensure that you are updated with any news relating to your shareholding. |
| Where you are a current or former shareholder, to contact you by email or telephone to offer you shares in the Company or send you literature relating to the Company | Names • Address • Phone Number • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • manage and maintain our relationship with you; and • communicate effectively with our current and former shareholders and inform them of Company news. |
| To keep records of conversations and correspondence. | • Names • Address • Phone Number • Job Title • Identification Documents • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests to maintain an accurate record of our interactions with shareholders. |
| To establish, exercise or defend legal claims. | • Names • Address • Phone Number • Job Title • Identification Documents • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests for us to be enabled to establish and defend our legal rights and understand our obligations and seek legal advice in connection with them. |
Prospective Shareholders
| Why and how we process your information | Types of personal data used | Legal basis relied upon |
|---|---|---|
| To carry out anti-money laundering and “Know Your Customer” checks. | • Names • Address • Phone Number • Job Title • Identification Documents • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • ensure compliance with our policies; • safeguard our interests; and • verify the identity of prospective shareholders. |
| To keep records of conversations and correspondence. | • Names • Address • Phone Number • Job Title • Identification Documents • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests to maintain an accurate record of our interactions with prospective shareholders. |
| To establish, exercise or defend legal claims. | • Names • Address • Phone Number • Job Title • Identification Documents • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests for us to be enabled to establish and defend our legal rights and understand our obligations and seek legal advice in connection with them. |
Service Providers
| Why and how we process your information | Types of personal data used | Legal basis relied upon |
|---|---|---|
| To store (and update when necessary) details, either ourselves or at another service provider, so that we can contact individuals in relation to our agreements with service providers. | • Names • Addresses • Emails • Phone Numbers • Job Titles • Identification Documents • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • ensure compliance with our policies; • safeguard our interests; and • ensure our operations and agreements run smoothly. |
| To obtain support and services from the service providers. | • Names • Addresses • Emails • Phone Numbers • Job Titles • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • Access services that have been agreed as being provided by our service providers; and • obtain support where required for the performance of services. |
| To facilitate our invoicing processes. | • Names • Addresses • Emails • Phone Numbers • Job Titles • Identification Documents • Financial information • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • ensure that invoices are paid in a timely manner. |
Directors
| Why and how we process your information | Types of personal data used | Legal basis relied upon |
|---|---|---|
| To comply with legal and/or regulatory requirements. | • Names • Addresses • Emails • Phone Numbers • Job Titles • Identification Documents • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • ensure compliance with our policies; and • safeguard our interests. |
| To contact directors in relation to their directorship. | • Names • Addresses • Emails • Phone Numbers • Job Titles • Any other information that you provide to us | Legitimate interests, namely it is in our interests to: • maintain strong relationships with our directors; and • maintain contact with our directors regarding their directorships. |
| To keep records of conversations and correspondence. | • Names • Addresses • Emails • Phone Numbers • Job Titles • Identification Documents • Any other information that you provide to us | Legitimate interests, namely it is in our interests to maintain an accurate record of our interactions with directors. |
We, or our service providers on our behalf, may provide personal data to our other service providers, provided that the data is used for the purposes described above. We may also share personal data with our group companies/undertakings, but again, only for the purposes described above.
How do we store and transfer your data internationally?
In order to carry out the activities described in this Privacy Policy, your data may be transferred between and within entities within our corporate group, to third parties (such as regulatory authorities, advisers or other service providers to BioPharma Credit plc (or their group companies)), to a cloud-based storage provider, and to other third parties, as referred to here.
We want to make sure that your data are stored and transferred in a way that is secure. We will therefore only transfer data outside of the European Economic Area (“EEA”) (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- by way of data transfer agreement, such as incorporating approved standard contractual clauses; or
- in the case of transfer to the US, by way of a scheme approved by the European Commission and/or the UK Commissioners Office; or
- where a destination country offers adequate data privacy protections as determined by the originating country;
- where there is a contractual requirement for us to do so and it is in your interests; or
- where you have consented to the data transfer.
To ensure that your personal information receives an adequate level of protection, we have put in place appropriate procedures with the third parties we share your personal data with to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the law on data protection.
How do we keep personal data secure?
We are committed to taking all reasonable and appropriate steps to protect the personal data that we (or third parties on our behalf) hold from misuse, loss, or unauthorised access. We do this by having in place a range of contractual standards (relating to, amongst other matters, appropriate technical and organisational measures) in agreements with our service providers. These include measures to deal with any suspected data breach. If you suspect any misuse or loss of or unauthorised access to your personal data please let us know immediately. Details of how to contact us can be found below.
How long do we keep personal data?
We, or our service providers on our behalf, will ordinarily process your data throughout the course of our interactions and will then generally retain it for an appropriate period afterwards. The precise length of time will depend on the type of data, our legitimate business needs and other legal or regulatory rules that may require us to retain it for certain minimum periods. In other instances, there may be legal, regulatory or risk-management reasons for retaining data, including where certain data might be relevant to any potential litigation (bearing in mind relevant limitation periods).
In determining the appropriate retention period for different types of personal data, we always consider the amount, nature and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition to ensuring that we comply with our legal, regulatory and risk-management obligations, as described above).
Once we have determined that we no longer need to hold your personal data, we will delete it from our systems.
Your legal rights in respect of your personal data
You have the right to ask for a copy of the personal data which we, or service providers on our behalf, hold about you, subject to certain exceptions. If any of the personal data which we hold about you is incorrect or out of date, please let us know and we will correct it.
You have the right to object to the processing of your personal data if it is being used because we deem it necessary for our legitimate interests. Where we have obtained your consent to process personal data for certain activities, you may withdraw this consent at any time and we will cease to carry out that particular activity unless we consider there to be an alternative reason to justify our continuing to do so, in which case we will inform you of the reason.
You also have the right to erase any personal data we hold about you and/or request that it be transferred to another data controller (again, subject to certain exceptions).
Please note that if you exercise any of the rights listed above, we may no longer have the personal data (e.g. contact details, financial information, etc.) necessary to comply with our obligations to you following such request.
Contacting us
If you would like to exercise any of your rights, or learn more about your rights, please contact biopharmacreditplc@linkgroup.co.uk.
You also have the right to lodge a complaint with a data protection supervisory authority, including in the EU member state of your residence, your place of work or the place of the alleged infringement. The UK regulator for data protection is the Information Commissioner and its contact details are: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF; telephone: 0303 123 1113; email: casework@ico.org.uk.