Who are we?
We are Shionogi Limited (Shionogi), a pharmaceutical company and the data controller in respect of your personal data.
We take privacy extremely seriously and the purpose of this notice is to explain why and how we are collecting, processing and protecting your personal data. This could be your name, mailing address or email address, and any other information further identified below and defined as ‘personal data’ under the General Data Protection Regulation (GDPR) that you choose to share during our interaction with you.
Our full name: Shionogi Limited
Our contact details: 33 Kingsway, London WC2B 6UF, UK
Data Protection Representative’s details: Clare Shepherd
To find out how to contact us, check out our CONTACT US page.
Our purposes for collecting and processing your personal data and the categories of information processed
We are collecting specific categories of personal data for the following purposes:
Contact names (project stakeholders and participants), email addresses, contact phone numbers, payment details.
- Management of third party contractors and suppliers
Contact names, contact details (address, email, phone numbers), CVs.
- Fraud prevention and detection
Contact names, data and monitoring information associated with accounts.
- General office administration and accounting
Contact names, contact details (e.g. address, email address, telephone numbers), tax identifiers (HMRC tax codes for employees or VAT numbers for third party contractors and suppliers), time sheets, data associated with accounts receivable or accounts payable.
- Website Performance management and security
IP Addresses (in server log files)
- HR administration, including payroll and recruitment
Contact names, contact details (address, email, phone numbers), HMRC tax codes for employees, attendance records/time sheets, training records, sick certificates and data relating to occupational health, CVs.
Occupational health data, accident reports, including details of injuries and contact information for injured parties or witnesses.
- Delivering training (directly or indirectly)
Trainer and attendee names, email addresses, assignments and attendance records.
Contact names, telephone numbers, email addresses, social media identifiers, postal addresses, payment details.
Our grounds for collecting and processing your personal data
Necessary for the execution of contracts and legitimate interest (it is necessary to be able to contact project stakeholders to deliver projects we are contracted to deliver).
- Fraud prevention and detection and general office administration and accounting
Legitimate interest (it is in the legitimate interest of Shionogi to process information for administration and compliance with accounting requirements), Statutory Obligations and necessary for execution of contractual obligations.
- HR Administration and management of third party contractors and suppliers
Statutory obligations (e.g. payment of payroll taxes etc.), legitimate interests (it is in the interests of Shionogi to efficiently and effectively manage staff and ensure compliance with duties of care and other obligations), necessary for the execution of contractual obligations and necessary for obligations arising in the area of employment, taxation, and social security legislation.
Legitimate interests (it is in the legitimate interest of Shionogi to process data about health and safety issues for the purposes of seeking legal advice, defending claims, and supporting insurance risk assessment), necessary for obligations arising under employment law and social security legislation and statutory obligations.
Consent and legitimate interest (it is necessary to be able to contact third party trainers in order to deliver appropriate training to employees).
Consent and legitimate interest – for postal marketing (it is in the legitimate interest of Shionogi to engage in marketing to promote its products or services).
Categories of Recipients
For many of our processing activities, we are required to disclose data to third parties who are not data processors acting on our behalf or data controllers on whose behalf we are working.
Categories of such recipients include:
- Tax authorities (e.g. HMRC)
- Law Enforcement and Regulatory Bodies and Authorities (e.g. where required for investigation, detection or prosecution of criminal offences).
- Health and Safety authorities and/or professionals where we believe such disclosure is necessary and appropriate to prevent harm.
Cross-border data transfers
Shionogi may, from time to time, make use of services provided by third parties or an international Shionogi group entity (hereafter our ‘providers’) for the delivery of our services and products which may necessitate the transfer of personal data outside the EU/EEA, including but not limited to the transfer of personal data associated with grant programmes.
Where data needs to be transferred or processed outside the EU/EEA, we choose providers who process data on the basis of:
- EU/US Privacy Shield
- Model Contract Clauses
- An Adequacy Decision from the European Commission.
In exceptional circumstances we will rely on the consent of the data subject or the necessity of the processing for the performance of or conclusion of a contract that the data subject has entered into.
On a case by case basis, we may rely on other grounds for transfer, including processing that is necessary for the establishment, exercise, or defence of legal claims.
Data Retention and Storage
Shionogi retains personal data about individuals for a range of periods. We retain data for as long as is necessary, in accordance with and based on:
- Statutory/Regulatory obligations
- Contractual obligations
- Quality assurance standard obligations.
- For reasonable periods after the conclusion of engagements for risk management purposes.
On a case by case basis, data may be retained for longer where required for actual or potential legal actions or the management or mitigation of operational or strategic risks to Shionogi.
- For processing activities for which we rely on consent as a basis for processing your data, you have the right to withdraw your consent at any time.
- For processing activities which are based on a statutory or contractual requirement, you may request your data not be processed for that purpose. However, this is not an absolute right and may be over-ridden by our statutory obligations. In other cases, requesting that data should not be processed for a particular purpose may prevent us from executing a contract or delivering a service to you.
- You have the right to request:
  - Access – A copy of data we hold about you
  - Rectification – That any error in data we hold about you is corrected
  - Erasure – That data we hold about you be erased, unless we have a countervailing interest or legal obligation to retain it
  - Restriction of processing – That we refrain from processing data for a specific purpose
- You have the right to complain to the Information Commissioner’s Office about, or otherwise in respect of, the manner in which we process your personal data; and to seek compensation through the courts.
We maintain appropriate safeguards to help protect personal data collected through our website from loss, theft, misuse, or other unauthorized access, disclosures, alteration, or destruction. Although we use reasonable efforts to safeguard information, transmission via the internet is not completely secure and we cannot guarantee the security of your data collected through the website.
The website may include links to other websites for your convenience and information. Those websites may be operated by entities not affiliated with Shionogi, and may have their own privacy policies or notices, which you must review. Shionogi is not responsible for the content or privacy practices of any linked websites that we do not control.
Changes to this Privacy Notice
We may change this privacy notice from time to time.
If we make changes, we will revise the Effective Date and we encourage you to review this privacy notice whenever you visit the website to stay informed about our information practices.
Effective date: 22nd May 2018