Third Party Privacy Notice

This privacy notice describes how Syncona Limited and its group (together, “Syncona Group” or “we”) gather and process personal information relating to certain third parties.

This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.

The Syncona Group is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

We have separate privacy notices in relation to personal information of our employees and users of our website, and you should refer to those where appropriate.

Data Protection principles

We will comply with data protection law. This states that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

Information regarding why this notice applies to you

The table below details the information we may on you hold together with the purpose it is required:

Data Subject

Category of information

Purpose for holding the Data

Employment candidates

Contact details

CV

Recruitment purposes

Recruitment agents

Contact details

Recruitment purposes

Scientists, Researchers and Clinicians

Contact details

Financial details

Potential business founder

Consultancy work

Investors in the Life Science Industry

Contact details

Potential investments

Third Party service providers

Contact details

Manage the business relationship

Fund Managers and other connected parties

Contact details

CV

Manage the business relationship

Our Shareholders

Contact details

Announcements

News updates

Shareholder administration

Analyst contacts

Contact details

Announcements

News updates

Directors of the Syncona Group

Contact details

Financial details

Manage the business relationship

PDMRs and connected persons

Contact details

Regulatory compliance

Some of the above purposes for holding data will overlap and there may be several purposes for our use of your personal information.

If we collected your personal information for a particular purpose then we will only use it for that purpose, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

How is your personal information collected?

We may collect personal information in the following ways:

  1. Directly from you in person or by telephone, fax, email or other forms of electronic communication.
  2. Through any agents, advisers and intermediaries or other third parties to whom you have provided authorisation to;
  3. From other companies in the Syncona group;
  4. From publicly available sources.

When will we use your personal information?

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances (which are permitted by law):

  1. Where we need to perform the contract we have entered into with you.
  2. Where we need to comply with a legal obligation.
  3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We may also use your personal information in the following situations, which are likely to be rare:

  1. Where we need to protect your interests (or someone else's interests).
  2. Where it is needed in the public interest.

Data sharing

We may share your data with third parties as necessary to administer the working relationship with you or where we have another legitimate interest in doing so. We require third parties to respect the security of your data and to treat it in accordance with the law.

Examples of third parties would include the following:

  • Affiliated entities and group companies;
  • Members of the Citco Group of companies (who act as our administrator and custodian)
  • Link (our share registrar)

The above list is not exhaustive and may be subject to change.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those who have a business need to know. Your personal information shall only be processed on our instructions and any third parties your data is shared with is subject to a duty of confidentiality.

Retention Periods

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We seek to ensure that data is not held for longer then required and is securely disposed of when the need for it expires.

What happens if we do not have your personal information

If we do not have relevant information when requested, we may not be able to carry out any obligations we have to you, or we may be prevented from complying with our regulatory and legal obligations.

It is also important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Requests can be made by getting in touch with us using the contact details located on our website.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We will aim to comply with your request within a 30-day timeframe.

Changes to this privacy policy

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.

Lodging a complaint

If you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, please contact us at contact@synconaltd.com.

In addition, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK authority for data protection issues.