Please click here to download our Privacy Policy and Cookies Policy.
Grey Wolf Therapeutics Limited (“Grey Wolf Therapeutics / “we”, “us” or “our”) understands that your privacy is important to you and that you care about how your personal data is used. This privacy policy sets out how we look after any personal data that we collect from, or is provided to us, by visitors to our website www.greywolftherapeutics.com (our “Site”), external third parties with whom we have dealings and who share personal data with us, including but not limited to suppliers and their respective employees/representatives, visitors to our premises, emergency contacts of our employees, employment referees, witnesses of legal documentation and other people who otherwise interact with us (“you”).
This privacy policy together with our cookie policy https://gwtbio.egnyte.com/fl/H5kL0ZQXmG sets out how we look after any personal data that we collect from you, or that you provide to us, when you visit our Site and when otherwise interacting with us.
Please read this privacy policy carefully and ensure that you understand it.
Grey Wolf Therapeutics Limited is a company registered in England and Wales under company number 10989365.
Registered address: 99 Park Drive, Milton Park, Abingdon, OX14 4RY, UK
Email address: enquiries@gwt.bio
Grey Wolf Therapeutics Limited is the data controller in respect of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.
We collect personal data so that we can operate effectively and provide you with the best possible service. The information we collect depends on the context of your interactions with us and your interactions with our Site. It also depends on the choices you make; for example, the functions you use and your privacy settings. You may choose not to provide certain information but if you do, and that information is necessary to provide a particular feature, then you may not be able to use that feature. We will only use your personal data where we have a valid lawful basis to do so.
The table below summarises what information we collect about you, explains how we intend to use it and what our legal basis is for using it.
External third parties such as CROs, suppliers and their respective employees/representatives
What information will we collect about you? | How will we collect information about you? | Why are we processing information about you? | What is our legal basis for processing information about you? |
---|---|---|---|
Name and email address, home address, phone number.
Employment organisation and address, your role. Zoom recordings: your name and image. |
Collected directly from you by email, face-to-face or by telephone when you contact us.
Collected from employees at organisations. Collected when you give us business cards and other contact information. Collected when you take part in Zoom calls with us as part of a business relationship and contract with us. |
To perform essential business operations.
To ask you for information about your organisation’s products or services, and for sales and contracting purposes. To evaluate suppliers and respond to supplier tender/bids. To store details used during the procurement process in our record-keeping system. To perform our contractual obligations to you or the organisation for which you work under any applicable contract. To provide requested services, information and product support and respond appropriately to your enquiries. To request feedback. |
To allow us to perform a contract with your organisation.
To enable us to pursue our legitimate interests to:
With your consent in relation to Zoom recordings obtained by clicking the accept button when we start to record a meeting. |
Visitors to our Site
What information will we collect about you? | How will we collect information about you? | Why are we processing information about you? | What is our legal basis for processing information about you? |
---|---|---|---|
Name, organisation name, phone number and email address and any other information which you choose to give us. | Collected when you contact us or complete the ‘Contact us’ form on our Site. | To deal with enquiries, correspondence and complaints.
To perform essential business operations. To communicate and personalise communications with you regarding information and services that you request from us. |
To enable us to pursue our legitimate interests to:
|
Device and usage data including IP addresses and device identifiers.
Device event information including crash logs, hardware settings, browser type and browser language. Location information. Cookies and similar technologies. |
Automatically collected and stored in our server logs when you interact with our Site. IP addresses may be collected when you complete a ‘contact us’ form.
Collected from IP address, GPS and other sensors. For further information on our use of see our Cookie Policy |
To improve user experience of our Site, for example to offer you tailored content.
Protect security of our Site and to prevent fraud. To communicate and personalise communications with you regarding information that you request from us. To analyse the traffic to our Site |
To enable us to pursue our legitimate interests to:
Consent |
Visitors to our premises, emergency contacts of our employees, employment referees and witnesses of legal documentation
What information will we collect about you? | How will we collect information about you? | Why are we processing information about you? | What is our legal basis for processing information about you? |
---|---|---|---|
Visitors: name, email address, employment organisation and address, your role, phone number | Collected when a meeting is arranged.
Collected when you give us business cards and other contact information. Collected from you face-to-face or when you communicate with us. |
To record visitors to our premises.
To provide visitors with entrance to and a security pass for the building. To diarise and confirm meetings |
To comply with a legal obligation to maintain the security/safety of you, our staff and others at our premises. If you fail to provide your personal data on visiting our premises, this may result in you not being permitted entry.
To enable us to pursue our legitimate interests to:
|
Witnesses of legal documentation: name, address, occupation | Collected directly from you if you witness a signature on a contract | To ensure the validity of legal documentation | To enable us to pursue our legitimate interests to perform contracts with our customers and other third parties |
Emergency contacts: name, relationship to employee, contact phone number | In-case-of-emergency contact details are collected from our employees | To communicate with you in the event of an incident concerning an employee who has elected you as next-of-kin or in-case-of-emergency contact | To comply with a legal obligation to maintain the security/safety of our staff and others at our premises. To enable us to pursue our legitimate interests to protect the wellbeing and welfare of our staff |
Employment references: name, contact number, email address, organisation and job title, opinion about potential employee. | Employment reference contact details are collected from our prospective employees | To communicate with you regarding requests for information from you. To gather employment references as part of our hiring process | To enable us to pursue our legitimate interests to carry out background checks on potential employees |
More about the information we collect and why
We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you. Where we have a legal basis to use your personal data (as set out in the table above), this policy fulfils that duty by giving you appropriate notice and explanation of the way in which your personal data will be used.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Where consent is required for our use of your personal data, we will ask you to positively opt-in and you may withdraw your consent at any time. If you have any questions or require any further information regarding our use of your personal data, please contact us using the details provided in Part 9.
Under data protection laws, you have the following rights to:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 9.
You should be aware that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your use of the Site you may not be able to use the Site as you did before.
It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed.
Further information about your rights can also be obtained from the Information Commissioner’s Office.
The personal data that we hold about you will only be processed and stored within the United Kingdom or European Economic Area. If we transfer your personal data out of the UK to the EEA, this is on the basis that the EEA is deemed to provide an adequate level of protection for personal data.
Personal information such as your name and email address, and also mobile phone numbers stored in the Breathe HR system, may be viewed by our employees or consultants that are not based in the UK or EEA. This is not a restricted transfer as it is within our company and you can expect a similar degree of protection in respect of your personal information.
Some of the third parties that we work with may transfer your personal information outside the UK and EEA as set out in their privacy notices, such as Google Analytics (listed below). If they do, you can expect a similar degree of protection in respect of your personal information through the use of safeguards such as special contracts approved by the European Commission and the Information Commissioner’s Office.
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations.
Unless we inform you otherwise (or you request that we erase your personal data) we will retain your personal data for as long as is reasonably necessary to fulfil the relevant purposes set out in this privacy policy and during the period required or permitted by law.
The retention period will be determined by relevant legal and regulatory obligation and/or duration of our relationship with you. We may need to keep personal data related to our contracts with third parties for up to seven years in some circumstances (and in some instances, longer) for legal reasons. Zoom meeting recordings will be kept for up to 60 days and we will delete them promptly when it is no longer necessary for us to retain them. If training sessions are recorded on Zoom, we may keep them for longer for future training purposes to comply with our legal and regulatory obligations.
Personal data security is essential to us, and to protect your personal data all information that you provide to us is stored on secure servers. We have put in place appropriate measures to protect the security of your information.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the information transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure.
If you receive a password to access any of our systems, you must keep this confidential and you must not share it with anyone else nor use another person’s password.
To learn more about the security measures we put in place click here.
We take the following measures:
You acknowledge that we may share your personal data on the legal basis as set out
in the table above or with your consent with selected third party service providers that support us in the performance of the activities set out in the table in Part 2 above, including the following third parties who may process personal data about you for the following purposes:
External third parties such as CROs, suppliers and their respective employees/representatives and other people who contact or interact with us:
Visitors to our Site:
More information about the way we use Google Analytics can be found in our Cookie Policy.
Visitors to our premises, emergency contacts of our employees, employment referees and witnesses of legal documentation:
We require all our third-party service providers, to take appropriate and stringent security measures to ensure that your personal data is handled safely in line with our policies.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
If we sell, transfer, or merge parts of our business or assets, your personal data may be shared or transferred to a third party.
We may also be legally required to share certain personal data, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority or a regulatory body or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights. For example, to protect our customers or to operate and maintain the security of our computer systems.
We may also share Zoom recordings with third parties if you have agreed to this.
Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 9 and we have one month to respond.
There is not normally any fee for a subject access request (or to exercise any of the other rights described in Part 3). If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a reasonable fee may be charged to cover our administrative costs in responding. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data are not disclosed to any person who has no right to receive it.
To contact us about anything to do with your personal data and how we handle it,
including to make a subject access request, please contact our data compliance
officer, Andrea Richardson, using the following details:
Email address: privacy@gwt.bio
Postal Address: 99 Park Drive, Milton Park, Abingdon, OX14 4RY, UK
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, so please contact us in the first instance, using the details above.
We may change this privacy policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be posted on our website: https://www.greywolftherapeutics.com
We recommend that you check this page regularly to keep up-to-date. This privacy policy was last updated on 30 September 2022.