Privacy Policy
This policy was last updated on 14 May 2019
At O4 Research, Privacy begins with Trust.
We believe that trust is a core privacy value and essential to our mission to support the development of innovative medicines and healthcare services by delivering clinical research excellence. We respect your privacy, are committed to protecting your personal data and our privacy policy is therefore centred around our dual aim to drive trust in how we engage with people and how we access, use and transfer information about people.
Please read the complete Privacy Policy which will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
Overview
O4 Research (the ‘Company’) is aware of its obligations under the EU General Data Protection Regulation (EU GDPR), UK General Data Protection Regulation (UK GDPR) and domestic data protection legislation and is committed to processing your data securely and transparently. In this privacy notice whenever you see the words ‘We’, ‘Us’ or ‘Our’, it refers to the Company. This privacy notice sets out, in line with current data protection obligations, the types of data that we hold when you visit our corporate website https://www.o4research.com. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
Data Controller
We are the data controller of your personal data, meaning that we determine the purpose and the way your personal data is used and processed. Our Head Office is located at Concourse III, Queen’s Road, Titanic Quarter, Belfast, BT3 9DT, Northern Ireland.
We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice and if you have any questions about this privacy notice, how we handle your personal data, or you want to exercise any GDPR rights, please contact the DPO at the address above or via email to dpo@o4research.com
Data Protection Principles
In relation to your personal data, we will:
- Process it fairly, lawfully and in a clear, transparent way
- Collect your data only for reasons that we find proper for the course of your employment and/or the fulfilment of contractual obligations in ways that have been explained to you
- Only process personal data that is relevant to the purposes we have told you about and limited only to those purposes
- Ensure it is correct and up to date
- Keep your data for only as long as we need it for the purposes we have told you about
- Keep it secure
What Personal Information is Handled by O4 Research and for What Purposes
To help you navigate this section, our explanations are based on the main categories of relationships between O4 Research and those it collects personal data from.
If alternative privacy terms are provided to you for a specific purpose those terms will govern the processing of personal data in relation to that purpose.
On some website pages you may choose to provide personal information about yourself depending on your relationship with O4 Research via the contact form e.g.
- if you are interested in employment or service provider opportunities with O4 Research
- if you are interested in providing clinical trial Investigator or related services
- if you are interested in participating in a clinical trial
- if you are interested in obtaining services from or providing services to O4 Research
- Keep your data for only as long as we need it for the purposes we have told you about
- Keep it secure
Contact Form
The following data points are collected from you when you submit a contact form: Full name, email, company
– We will use this information to send you information or proposals regarding your requested service.
– We will not share this information with third parties.
– We will store this data for a period of 3 years from submission.
The applied legal basis under the GDPR for this processing is the performance of a contract, particularly to take steps at the request prior to entering into a contract.
Enquiries via email
The following data points are collected from you when you leave your enquiry on enquiries@o4research.com: name (optional), email address and content of the message.
– We will use this information to reach out to you and help you with your inquiry. We can also use the content of your request to improve our products and services or analyse our marketing efficiency if it contains valuable information.
– The applied legal basis for these activities is our legitimate interests
– We will store this information for a period of 3 years from the date it was received.
Cookies
O4 Research’s website uses cookies. A cookie is a data file that is placed by a website or mobile application operator on the hard drive of a visitor to their website. O4 Research and third parties with whom we work may place cookies with the following functions on the computers of visitors to O4 Research’s website: to allow the website to deliver the service requested by the visitor; to remember repeat visitors; to improve the user experience of the Website; to allow the company to perform site or mobile application analytics; and to serve and help tailor our marketing messages on our Websites and elsewhere on the internet based on the visitor’s previous browsing activity.
We only use cookies based on your consent, with the exception of cookies that are strictly necessary to provide you with the services that you have requested.
If you don’t want non-essential cookies to be placed on your device, then you can easily accept or reject them in the cookie banners. Otherwise, most browsers will allow a visitor to choose which cookies can be placed on his/her computer and to delete or disable cookies. Please note that disabling cookies may prevent a visitor from using certain features on O4 Research’s website.
Whilst we do all that we can to safeguard the security of your personal data, the transmission of information over the internet is not completely secure and therefore you do this at your own risk. Once we receive your personal information, we will implement strict security procedures to prevent unauthorised access.
Social Network Pages
To promote our services, we maintain public pages on social networks, such as LinkedIn. We track the efficiency of those social network pages based on the user traffic data provided by the social network providers. The applied legal basis for these activities is our legitimate interests for which we are joint controllers with the social network providers. If you would like to learn more about how to exercise your rights on social networks pages, do not
hesitate to contact us or the social network provider directly.
Potential Employees
Our website offers a page for anyone to apply for a job position at the Company. For us to consider your application, we collect your First, Last Name, Email, Cover Letter (Optional) and CV. We assess this information against the job requirements for our recruitment purposes only. The applied legal basis for this activity is our legitimate interests. We will store CVs and related job data for a period of 18 months. Notwithstanding the foregoing, if we keep such information for a longer period, we will ask for your consent.
Your personal data will be shared with colleagues within the Company where it is necessary for them to undertake their duties and where this is reasonably necessary for the processing purposes set out above. This includes, for example, your line manager for their management of you and HR personnel for recruiting purposes. From time to time, we will need to share your information with external people and organisations. We will only do so where we have a legitimate or legal basis for doing so and in compliance with our obligations under data protection laws. We share your personal data with third parties in order to obtain references and pre-employment screening, where permitted.
Sharing your data with third parties
We may involve third parties to provide our services. These include cloud hosting, email notification providers, technical support ticket providers, analytics services, and logistics providers.
These third parties process personal data based on our instructions only, and we ensure these companies apply the appropriate level of protection to your personal data.
Personal data security
Personal data is stored on servers that are located in the UK and EEA. We have implemented appropriate technical and organisational measures to ensure the adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. For international transfers of personal data, we implement appropriate safeguards (e.g., EU and UK Standard Contractual Clauses) as required by the EU and UK GDPR. To learn more about transfer mechanisms implemented please contact us by email.
To ensure safety our services are encrypted with SSL technology; operational rules for the collection, storage and processing of personal data, including physical security measures, are updated on an ongoing basis; only our employees, as well as our service providers that need access to personal data to perform their duties, are granted access to personal data. All staff members are subject to confidentiality obligations; most transfers of data outside the Company’s systems are encrypted.
Sharing your data outside of the EEA
If you are employed in a clinical operations role, we may need to share your personal data with bodies outside of the European Economic Area (‘EEA’). This will be because your personal data is included in bid defence documents and Trial Master Files. The type of personal data shared in this situation will be limited to names, educational establishments attended and names of previous employers. If we do transfer your personal data outside the EEA, we will use one of these safeguards to make sure it is protected:
- We will only transfer it to a non-EEA country which the European Commission or the UK Secretary of State has decided has an adequate level of protection for personal data. You can find more about such countries here https://ec.europa.eu/info/law/law-topic/data-protection_en or
- We will put a written contract in place between us and the recipient that incorporates EC model clauses relating to the transfer of personal data outside the EEA issued by the European Commission or the standard contractual clauses for the transfer of personal data to processors in third countries, issued by the UK Information Commissioner’s Office (“ICO”) as varied, supplemented, amended or replaced by the ICO from time to time.
- If none of the above situations apply, we will not transfer your personal data unless you have given your express consent to the proposed transfer, after having been informed of the possible risks.
Automated decision making
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the personal data we hold including:
- The right to be informed. This means that we must tell you how we use your personal data, and this is the purpose of this privacy notice
- The right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request
- The right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it
- The right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- The right to restrict the processing of the data. When you contest the accuracy of your information, believe we process it unlawfully or want to object against the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your data (other than storing it) until we are able to provide you with evidence of its lawful processing
- The right to portability. In certain circumstances, you may have the right to require that we provide you with an electronic copy of your personal information either for your own use or so that you can share it with another organisation. Where this right applies, you can ask us, where feasible, to transmit your personal data directly to the other party
- The right to object to processing of your personal data. You have the right to object to the way we use your data
- The right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in a way that adversely affects your legal rights.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
Your Personal Data Rights and Privacy Choices
To exercise any of the above rights, please refer to contact information below and O4 Research will assess your request and will respond within the relevant legal time limits. If you disagree with the accuracy or completeness of any personal information, please notify O4 Research as per ‘Contact information or Complaints’ section below and we shall endeavour to resolve any issues concerning your personal information. If O4 Research is not able to provide the requested information or make the change you request, you will be provided with reasons for such decision.
Privacy of Children
www.o4research.com is a general audience site and no part of the site is structured to attract children, nor is it intended for children. O4 Research does not knowingly collect any personal data from children. If you are a parent and become aware that your child has provided us with information, please contact us using one of the methods specified below, and we will work with you to address this issue.
Changes to our Privacy Policy
We will only use Personal Data in the manner described in the Privacy Notice in effect when the information was collected from you or as authorised by you. However, and subject to any applicable consent requirements, or if required by law, we reserve the right to change the terms of this Privacy Policy at any time. Any changes to this Privacy Policy will be reflected on this page with a new effective date. O4 Research encourages you to review this Privacy Notice regularly for any changes. Any Personal Data collected upon your continued use of O4 Research services will be handled in accordance with the currently posted Privacy Policy.
Contact Information or Complaints
In order to exercise any of your data protection rights, a request should be made to dpo@o4research.com or by writing to us using the address below. Using reasonable efforts, O4 Research will promptly respond to any queries or complaints and may request information to verify your identity prior to implementing your request.
If you believe that that our use of personal information violates your rights, or if you are not satisfied with a response you received to a request you provided to us, you are entitled to lodge a complaint with your local data protection supervisory authority. The lead supervisory authority for O4 Research is the Information Commissioner’s Office (see https://ico.org.uk)
ICO
icocasework@ico.org.uk
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
If you wish to provide us with any feedback or have any questions or comments relating to this policy these should be submitted to the O4 Research Data Protection Officer as follows:
Data Protection Officer, O4 Research Ltd, Queen’s Road, Titanic Quarter, Belfast, BT3 9DT, Northern Ireland and dpo@o4research.com