Privacy Hub

1. Privacy Notice

Directed to suppliers, service providers and collaborators who are natural persons.

2. Our contact details

Name:

ENARA BIO LIMITED

Address:

The Magdalen Centre, TheOxford Science Park,

1 Robert Robinson Avenue, Oxford, OX4 4GA

Phone Number:

Website:

www.enarabio.com

E-mail:

data.privacy@enarabio.com

3. Introduction

This privacy notice applies to our suppliers, service providers, academics and collaborators who are natural persons (such as self-employed persons), and the employees, workers, agents, representatives or contact persons of our suppliers, service providers and collaborators who are legal entities.

It describes how Enara Bio collects and uses personal information about you during and after your working relationship with us, in accordance with relevant data protection legislation.

Enara Bio is a "controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using that information and what your rights are under the data protection legislation.

4. The type of personal information we collect

We may collect and process the following information:

  • personal identifiers and contact information (e.g. name, first name, last name, title, gender, email, business address, fixed and/or mobile phone number) your business title, position, name of organisation, and (where relevant) your background/expertise, qualifications, skills
  • for natural persons acting as suppliers, service providers or collaborators: financial information (e.g. bank account details, VAT number)
  • your electronic identification data where required for the purpose of delivering products or services to our company (e.g. login, passwords, IP address, online identifiers/cookies, logs, access and connection times, and CCTV /security footage when visiting our site)
  • Professional biography and/or other information – including your CV/resume, photograph, academic information and your interests
  • Travel-related and other identification information – including your passport number or national ID number.

5. How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you, such as when you participate in a contractual arrangement or in our procurement and/or payment process, or from your employer acting as our supplier/service provider/collaborator (the legal entity for whom you work) and from other sources including professional social media platforms such as LinkedIn and our industry network.

We use the information that you have given us in order to:

  • manage a professional relationship with you
  • manage our suppliers and service providers throughout the supply chain
  • organise tenders, implement tasks in preparation of or to perform existing contracts
  • billing and invoicing and resolution of related queries
  • archiving and record-keeping
  • validating authorised signatories
  • conducting background checks to ensure we are not precluded from working with a supplier
  • monitor activities at our facilities, including compliance with applicable policies as well as health and safety rules in place
  • grant you access to our training modules allowing you to provide us with certain services
  • manage our IT resources, including infrastructure management and business continuity
  • preserve the company’s economic interests and ensure compliance and reporting (such as complying with our policies, legal requirements, tax and deductions, managing alleged cases of misconduct or fraud, conducting audits and defending litigation)
  • manage mergers and acquisitions involving our company
  • any other purposes imposed by law and authorities

We may share this information with:

  • our personnel and personnel of our affiliate company Enara Bio Inc.
  • our other suppliers and service providers that provide services and products to us (including: IT services, consulting services, payment/invoicing services, outsourcing companies, database providers, cloud service providers, travel agencies, event agencies, banks and insurance companies that deliver service to us, our external advisors, lawyers, auditors and, potentially, third parties with whom we may be involved in a sale or acquisition.
  • our collaborators and partners in joint projects

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. Any international transfers of your personal data shall be undertaken in compliance with relevant data protection legislation.

Under Data Protection Legislation, , the lawful bases we rely on for processing this information are:

  1. The processing is necessary to perform our contractual obligations towards you or to take pre-contractual stepsat your request. Including preparing requests for proposals or tenders or other activities in preparation of acontract with you; to perform our obligations and exercise our rights under an existing contract with you (e.g. invoicing, contract management and archiving, conducting contractual audits).
  2. The processing is necessary to comply with our legal or regulatory obligations. Including compliance withaccounting, tax, healthy & safety, GxP laws and regulations; to respond to a request from a judicial authority which has jurisdiction.
  3. We have a legitimate interest. Including but not limited to the following purposes: to conduct our business; maintain the integrity of our premises, assets and systems; to investigate, prevent or take actions against criminal activities, suspected fraud and misuse of our products, services, assets and IT network; to establish or exercise our legal rights or defend against legal claims; to monitor activities at our premises, including compliance with applicable policies as well as health and safety rules in place; to sell or enable the acquisition of all or part of ourbusiness and/or assets by a third party; to meet our corporate and social responsibility objectives.

6. How we store your personal information

We seek to use reasonable organisational, technical and administrative measures to protect and securely store yourPersonal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.

We retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply withlegal or regulatory requirements. The retention period is the term of your (or your organisation's) supply, service orcollaboration contract with us, plus the period of time until any legal claims under this contract become time-barred, unless overriding legal or regulatory schedules require a longer or shorter retention period. When this period expires, we will then dispose of your information in accordance with applicable laws and regulations.

If we anonymise your personal information so that you can no longer be identified from it, it is no longer consideredpersonal information and we may use such information without providing any further notice to you.

7. Your data protection rights

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at the contact details set out at the beginning of this notice if you wish to make a request.

8. How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at the contact details set out at the beginning of this notice.

You can also complain to the ICO if you are unhappy with how we have used your data.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

v1.0, 23-June-2023