General Privacy Notice
Last Updated 27th November 2024
Rinri-Therapeutics Ltd is committed to protecting the privacy and security of your personal information.
This privacy notice explains what personal data (information) we will hold about you, how we collect it, and how we will use and may share information about you in the conduct of our business activity. We are required to notify you of this information under the UK General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. Please ensure that you read this privacy notice and any other similar notice we may provide to you when we collect or process personal information about you.
Data Controller and Contact Details
In collecting and processing this personal data Rinri-Therapeutics Ltd is the data controller of your personal data in relation to the job application process. When we say “Rinri”, “we”, “us”, “our”, or “the Company”, this is who we are referring to.
The Company is registered at:
Innovation Centre
217 Portobello
Sheffield S1 4DP, UK
Tel: +44 [0] 114 222 4330
Email: enquiries@rinri-therapeutics.com
Whose data, what data and why we collect it
refer to the table below to understand whose data we are collecting, what category of data, the purpose and the legal basis for each of them.
Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.
1. Definitions and Interpretation
In this Policy, the following terms shall have the following meanings:
Main Purposes | Data subject | Items of personal data | Legal basis (EU and UK) |
Carrying out clinical studies, sponsoring clinical trials and wider research studies and carrying out our own clinical research and engaging with necessary regulatory inspections, audits and reporting obligations connected with clinical research. | HCPs, Patients, Business Partners. | Personal details, Professional Data (of HCPs), Employment and Business details, Communications content, Health and medical records, Photographs and medical images, Physiological and Physical Data (of Patients). | This processing is based on the necessity for our legitimate interests for the purposes of improving health care products and services and conducting scientific research. Some of our processing in connection with clinical studies is also necessary when we have a respective legal obligation under medical laws. Under limited circumstances, where this is required by applicable law, we will rely on your (explicit) consent. More details about our processing and lawful basis are available in study specific documentation like Patient Information Sheet (PIS) or the Inform Consent Form (ICF). |
Medical affairs work, including organisation of Advisory Boards, communicating scientific and clinical information to the medical community, maintaining external relationships with key leaders within the scientific community, patient groups, and other authorities and carrying out market research and other research studies. | HCPs, Patients, Business Partners. | Personal details, Professional Data (of HCPs), Employment and Business Details, Financial details, Communications content, Health and medical records Photographs and medical images, Physiological and Physical Data (of patients). | This processing is based on the necessity for our legitimate interests in maintaining and improving our relationships with the medical community. We may process data on the basis of consent if this is required to contact you about our medical affairs work. |
For the purpose of entering into and performing our contractual obligations with you, including managing communications, compensating you, and fulfilling clinical oversight responsibilities in your capacity as an advisor to or member of an Oversight Committee in our clinical trials and studies. | HCPs and other professionals,Oversight Committee Members (e.g. Trial Management Group, Data Monitoring Committee), | Personal details, professional data, employment and business details, communications content, financial details. | This processing is based on the necessity for the performance of a contract with you as an individual. In certain cases, we may also rely on legitimate interests in managing the safety and oversight of clinical trials, or on compliance with legal obligations (e.g., tax purposes or clinical trial regulations). |
Entering into and performing a contract with you, including processing payments and transactions. | HCPs, Collaborators, Key Opinion Leaders, Business Partners. | Personal details, financial details, Communications content. | This processing is based on the necessity for the performance of a contract with you as an individual or is necessary to achieve our legitimate interests of conducting business with your employer. Sometimes, we rely on legal obligations under medical laws. |
Managing our business, site and services. Investigating any emails, information, enquiries or complaints received from you or from others, about our website or our products or our activities.* | HCPs, Patients, Business Partners, Members of the Public. | Personal details, Professional data, Employment and Business details, Communications Content, Technical and Usage data. | For these purposes, we will rely on our legitimate interest in evaluating, conducting and promoting our business and business activities. In some circumstances, where required by law, we will collect your consent, for example to place cookies on our website. More details on our use of cookies are included in our cookies policy. |
Office visitors | HCPs, Business Partners, Members of the Public. | Personal details | We have a legitimate interest in ensuring everyone that accesses our premises or business events is kept safe and that we maintain security across our offices. |
Processing your job application | Refer to our Job applicant privacy notice | ||
Interactions with Patient Groups | HCPs, Patients, Business Partners | Personal details, financial details, Communications content. | This processing is based on the necessity for our legitimate interests for the purposes of improving health care products and services and conducting scientific research. Under limited circumstances, where this is required by applicable law, we will rely on your (explicit) consent. |
* Note that any sensitive data you voluntarily provide through our website will be handled in accordance with our data protection practices and, unless required otherwise, will be deleted once we have responded to your inquiry.
How do we collect the data
We will collect your personal data from you, companies or organisations to which you belong, or websites or other media to which you have registered to disclose information. We may also collect your data from the following sources:
- Third parties we work with (including, business partners, sub-contractors, providers, agencies, etc). If you are a health care professional, we receive information about your professional life (such as medical specialisation and professional background) from third party sources, including Clinical Research Organisations.
- Other organisations you have provided permission to share with us.
- Publicly available sources (where possible).
Who do we share the data with
We will only share your personal data as necessary to achieve the purposes set out in this privacy notice, including to the following recipients:
- Companies who provide services to us or on our behalf
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- IT service providers.
- Clinical Research Organisations.
- Healthcare Professionals.
- Other organisations, including universities.
- A new entity or purchaser, in the case we merge with another organisation or form a new entity. In such case, your personal data may be transferred to that new entity and/or purchaser, including their professional advisors.
- Appropriate third parties where this is necessary to:
- Comply with any court order or other legal obligation or when data is requested by our regulators or by government agencies or law enforcement agencies.
- Enforce or apply our terms of use and any other agreements.
- Protect the rights, property, or safety of us, our employees or others.
- where needed for corporate audits or to investigate or respond to a complaint or security threat.
No Third-Party Direct Marketing Use: We will not sell or otherwise transfer the personal data you provide to us to any third parties for their own direct marketing use unless we provide clear notice to you and obtain your explicit consent for your data to be shared in this manner
Transferring information outside the UK
Rinri and their service providers may process your personal information in countries both within, and outside, the United Kingdom (UK) and the European Economic Area (EEA). Whenever we transfer your personal data out of the UK or the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK authorities or the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the UK and Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Data Privacy Framework (DPF) regime which requires them to provide similar protection to personal data shared between Europe and the US or have appropriate safeguards in place such as Standard Contractual Clauses (SCCs).
How does the Company protect data?
Rinri has internal policies (Information Security Policy and Backup and Disaster Recovery) and controls (such as Role Based Access Control, Auditing, Anti-malware software, Data Encryption, Firewalls, Intrusion Detection Systems, Vulnerability Scanning and Patching, plus others) in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by authorised employees in the performance of their duties. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Where the Company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
How long we keep your information
We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. Where we process personal data to meet legal requirements, we hold this for as long as the law requires. After we achieve the purpose for which your personal data was collected, we erase or dispose of it appropriately, or anonymise it so that it can no longer identify an individual, based on our rules for processing your personal data.
Where we process personal data with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to process your data indefinitely so that we can respect your request in the future.
Your rights
You have a number of rights related to the Personal Data that we Process about you (this will depend on the legal basis that we use). Most often, exercising your right is free of charge. We may also have to clarify your request and explain if we can comply with it or if this is restricted in your situation. You may have the right to:
- Access and obtain a copy of your data on request;
- Require the Company to change incorrect or incomplete data;
- Require the Company to delete or stop processing your data – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it;
- Object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing;
- Request a restriction of processing of your personal data; and
- In some cases, request the transfer of your personal data.
If you would like to exercise any of these rights, please contact the DPO. For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the DPO. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed.
Exceptions to your rights
There may be exceptions to your privacy rights described in this Notice. For example, if fulfilling your request would reveal personal data about another person, where it would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in applicable national laws, and we will inform you or applicable exemptions in our response to your request.
Your right to complain
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk/make-a-complaint/ or telephone: 03031231113). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
How to contact the Data Protection Officer
In order to exercise any of the above rights or for any questions regarding this Notice and our privacy practices, you can send an email to us at data.protection@rinri-therapeutics.com or a letter at: Rinri Therapeutics Ltd, Innovation Centre, 217 Portobello, Sheffield S1 4DP, United Kingdom.
Changes to this notice
It’s likely that we’ll need to update this notice from time to time, so check back here regularly to find out more. Your continued use of the site will mean that you accept those revisions.