The links below explain how we use personal data for different purposes at Genomics.

If you are a user of one of our services or products, please refer to the privacy notices that will be made available to you separately by us or one of our partners.

How do we use personal data from website users?
How do we use personal data from people who subscribe to our mailing lists?
How do we use personal data – and other data – that have been collected in scientific research?
How do we use personal data for recruitment purposes?

Our Data Protection Officer can be contacted at: dpo@genomicsplc.com or +44 01865 981600.
The UK data protection regulator is the Information Commissioner’s Office: https://ico.org.uk

If you apply for a job at Genomics plc, please refer to the privacy notice on our jobs section.

How do we use personal data from website users?

OVERVIEW

This privacy notice describes how Genomics plc (“we”, “us”, “our”) as a data controller collect and use personal data about you if you use www.genomicsplc.com (our “site“). It applies to all users of our site.

WHAT PERSONAL DATA DO WE USE?

We need to collect, store, and use the following categories of personal data about users of our site:

Technical Data

This includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our site.

Usage Data

This includes information about which pages you visit on our site.

We also collect, use, and share “Aggregated Data” such as statistical or demographic data. Aggregated Data may be derived from your Technical Data or Usage Data but is not considered personal data in law as it does not directly or indirectly reveal your identity.

For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of our site. However, if we combine or connect Aggregated Data with Technical Data or Usage Data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this privacy notice.

HOW WE WILL USE PERSONAL DATA

We will use your Technical Data to administer and protect our business and the site (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data). This is necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise) and thus also necessary to comply with a legal obligation.

We will use your Technical Data and Usage Data for data analytics to improve our site. This is necessary for our legitimate interests (to keep our site updated and relevant, and to develop our business).

We will only use personal data for the following purposes:

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

To fulfil legal or regulatory requirements if necessary.

HOW IS YOUR PERSONAL DATA COLLECTED?

As you interact with our site, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our cookie policy for further details.

AUTOMATED DECISION-MAKING

No decisions will be taken about you using automated means.

WHAT ABOUT THIRD PARTIES?

We may disclose Technical Data or Usage Data to our service providers who operate elements of our site and/or process Technical Data or Usage Data on our behalf. Our hosting provider is Mythic Beasts Ltd. We may also need to share your personal data with a regulator or to otherwise comply with the law.

We may need to transfer Technical Data or Usage Data that we collect within our company group, or with third parties, who are based outside the EEA.

Where such disclosures are made, this will be under contractual arrangements with us and carried out in accordance with the requirements of data protection law. We will satisfy ourselves that we have a lawful basis on which to share the Technical Data or Usage Data and document our decision making and satisfy ourselves we have a legal basis on which to share that information.

We may also need to share your personal data with a regulator or to otherwise comply with the law.

DATA SECURITY

We have appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data only to those involved in the maintenance of our site. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

HOW LONG WILL YOU USE MY PERSONAL DATA FOR?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our policy is to retain Technical Data or Usage Data for 12 months.

CHANGES

It is important that the Technical Data or Usage Data we hold about you is accurate and current, and we will take reasonable steps to ensure that this is the case.

YOUR RIGHTS

Under certain circumstances, by law you have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal data to another party.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). We may charge a reasonable fee or we may refuse to comply if your request for access is clearly unfounded or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal data is not disclosed to anyone who has no right to receive it.

WHO DO I ASK IF I HAVE ANY QUESTIONS?

Genomics has a Data Protection Officer (DPO). The DPO's contact details are:

e: dpo@genomicsplc.com or t: +44 (0)1865 981600

WHO DO I CONTACT IF I HAVE A COMPLAINT?

The Information Commissioner’s Office is the official regulator of personal data in the UK. You can find its contact details here: https://ico.org.uk

We may update this notice from time to time. (Last updated: 10 November 2020)

How do we use personal data from people who subscribe to our mailing lists?

OVERVIEW

This privacy notice describes how Genomics plc (“we”, “us”, “our”) as a data controller collect and use personal data about you if you are on our list of recipients for our occasional update emails, which typically contain news about us and our work, which we believe is of interest to you (“Updates”).

WHAT PERSONAL DATA DO WE USE?

We need to collect, store, and use the following categories of personal data about people to whom we send Updates:

Contact Details – your name and your email address.

We also keep a record of ‘relevance criteria’. This is brief information about your employer or your business, how you came to be on our list, and why we believe you are interested to receive Updates from us.

HOW WE WILL USE PERSONAL DATA

We will only use personal data for the following purposes:

To send you Updates, which we believe is in our legitimate interests, and is in accordance with the ICO’s ‘three-part test’ – see https://ico.org.uk

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

To fulfil legal or regulatory requirements if necessary.

HOW IS YOUR PERSONAL DATA COLLECTED?

We will have your Contact Details because you have expressed an interest in Genomics plc in the past. This may have been because we have worked together, or because you have otherwise been in contact with one of our employees and given them your business card, or otherwise provided us with your Contact Details.

AUTOMATED DECISION-MAKING

No decisions will be taken about you using automated means.

WHAT ABOUT THIRD PARTIES?

We will not disclose your Contact Details to third parties.

We may disclose your Contact Details to our service providers who operate elements of our mailing list and/or process your Contact Details on our behalf in order to manage our mailing lists.

We may need to transfer Contact Details that we collect within our company group, or with our service providers (as above), who are based outside the EEA.

Where such disclosures are made, this will be under contractual arrangements with us and carried out in accordance with the requirements of data protection law. We will satisfy ourselves that we have a lawful basis on which to share your Contact Details and document our decision making and satisfy ourselves we have a legal basis on which to share that information.

We may also need to share your Contact Details with a regulator or to otherwise comply with the law.

DATA SECURITY

We have appropriate security measures to prevent your Contact Details from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your Contact Details only to those involved in the administration of the Updates.

HOW LONG WILL YOU USE MY PERSONAL DATA FOR?

We will only retain your Contact Details for as long as necessary to send you Updates, or for the purposes of satisfying any legal, accounting, or reporting requirements.

CHANGES

It is important that the personal data we hold about you is accurate and current, and we will take reasonable steps to ensure that this is the case. You should also tell us if your Contact Details change.

YOUR RIGHTS

Under certain circumstances, by law you have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal data to another party.

Complain You also have the right to make a complaint (at any time) to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee or we may refuse to comply if your request for access is clearly unfounded or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

WHO DO I ASK IF I HAVE ANY QUESTIONS?

Genomics has a Data Protection Officer (DPO). The DPO's contact details are:

e: dpo@genomicsplc.com or t: +44 (0)1865 981600

WHO DO I CONTACT IF I HAVE A COMPLAINT?

The Information Commissioner’s Office is the official regulator of personal data in the UK. You can find its contact details here: https://ico.org.uk

We may update this notice from time to time. (Last updated: 10 November 2020)

How do we use personal data – and other data – that have been collected in scientific research?

OVERVIEW

Genomics plc conducts scientific research using large amounts of data about the genetics and health of individuals. Almost all of this data is in the form of effectively anonymous ‘aggregate’ data. We also use some more detailed genetic and health data about individuals, however we do not know their identities.

More information about our scientific research is provided below.

WHAT PERSONAL DATA – AND OTHER DATA – DO YOU USE IN YOUR SCIENTIFIC RESEARCH?

We obtain and use personal data that has been collected by others during scientific research studies. The data we obtain from the coordinators of these studies is in the form of: (1) genetic data (e.g. whole genome sequences, but more typically genotype data); and (2) data about many different traits (or ‘phenotypes’) including data concerning health. The two types of data are usually linked: we know that the genetic and trait data we have will be about the same person. We call this linked data individual level data.

The individual level data we use is personal data that has been ‘de-identified’ by the providers of the data before we receive it. This means that we know that the individual level data relates to a single person, but the information that identifies that person has been removed by (and kept by) the provider of the data. This means that we do not know the identity of any individual in the individual level data we use in our scientific research.

WHAT OTHER DATA DO YOU USE IN YOUR SCIENTIFIC RESEARCH?

Most of the data we use in our research is aggregate data. This means the data summarises the results from research on groups of people who have participated in a research study. It is effectively anonymous data. Most of the aggregate data we use is generated by other researchers and made freely available for use in scientific research.

HOW DO YOU USE DE-IDENTIFIED INDIVIDUAL-LEVEL DATA IN YOUR SCIENTIFIC RESEARCH?

Genomics plc is a ‘data controller’ in respect of individual level data. This means that we make our own decisions about how such data is used in our scientific research.

We use individual level data (and also aggregate data) to try and better understand human biology. This involves a broad range of both fundamental and applied research into the genetic basis of human disease, as well as technological developments (e.g. new ways to analyse very large amounts of data). The results of our research can help to design new and better drugs and therapies to treat human disease.

We normally create aggregate data from individual level data. It is easier for us to analyse aggregate data at the very large scale needed to conduct our research. This means most of our the analyses we carry out in our research – and certainly most of the results – do not use and are not individual level data at all.

It is important that all data (individual level data and aggregate data) used in our research is accurate and up to date. We maintain processes to ensure that we only use current, correct data in our research. We also ensure that all data used in our research is only accessible to authorised people working for and with us.

Everyone who works for us has agreed to a set of standards that governs use of all data in our scientific research.

WHAT ARE THE LEGAL BASES FOR THE USE OF DE-IDENTIFIED, INDIVIDUAL LEVEL DATA IN YOUR SCIENTIFIC RESEARCH?

We first rely on our ‘legitimate interests’ to conduct our research using individual level data.

Secondly, because of the sensitivity of individual level data, we rely on certain ‘safeguards’ made possible by our ISO27001-certified internal processes covering our use of all genetic and related data in our research. These processes include requirements that data is kept secure, de-identified and/or converted into aggregate data wherever practical, and used only for permitted research activities. These processes are also designed to minimise the risk of data use that may cause problems for individuals (e.g. unauthorised disclosures about medical conditions of an identifiable individual). You can read more about our information security practices here.

Thirdly, we consider that our scientific research is in the public interest. We can demonstrate this in two ways. Firstly, the results of our analyses can be used to create methods that are applied in our precision health work for the benefit of a wide range of individuals; and also to improve drug discovery and development processes (we can help to discover new drugs, and use existing drugs in better ways). Secondly, in certain circumstances, we will also share certain results (aggregate data) for wider use by the scientific community. We have also published some of our findings in scientific journals.

WHERE DO YOU GET DE-IDENTIFIED INDIVIDUAL-LEVEL DATA FROM?

Access to the individual level data we use in our scientific research is administered by many different research consortia and data repositories.   In all cases, we have signed an agreement with the data provider before getting access to individual level data. Usually this means that we must: use individual level data only for agreed research purposes; keep the individual level data secure; respect research participant confidentiality; and only use and share individual level data and any results in accordance with terms and conditions imposed by the data provider.

WHO DO YOU SHARE DE-IDENTIFIED INDIVIDUAL LEVEL DATA WITH?

We will only share individual level data with other researchers in cases where the data provider has allowed us to. In all other cases we do not share individual level data.

For any permitted sharing of individual level data (including outside of Europe) we will use secure, encrypted methods to avoid any unauthorised access to the data.

We may, on occasion, choose to share aggregate data with other researchers (in most cases there are no restrictions for this type of sharing). We are also required to return certain aggregate data to data providers, and may choose to publish such data in scientific journals.

HOW LONG DO YOU STORE DE-IDENTIFIED INDIVIDUAL-LEVEL DATA THAT YOU USE IN YOUR SCIENTIFIC RESEARCH?

We retain individual level data in accordance with any conditions imposed by the provider of the data. Our scientific research is ongoing so, in practice, we will retain individual level data indefinitely. The same approach applies to our use of aggregate data.

DOES YOUR SCIENTIFIC RESEARCH INVOLVE AUTOMATED DECISION-MAKING ABOUT INDIVIDUALS?

No. We do not identify individuals in the course of our research. We also do not work directly with individual research participants. Accordingly, the results of our research cannot – by automated means or otherwise – be used by us to make any decisions in respect of an individual.

CAN YOU IDENTIFY INDIVIDUAL RESEARCH PARTICIPANTS FROM YOUR SCIENTIFIC RESEARCH DATA?

In practice: no. We never try to find the identities of individual research participants. Everyone who works for us has agreed in writing that they will not seek to re-identify individual participants from any data used in our research.

The additional information that would allow us to identify an individual from individual level data is kept by the providers of the data. That additional information is rightly considered highly sensitive and confidential, and would never be disclosed to us or other researchers. We do not need that additional information in order to carry out our scientific research.

It is theoretically possible to identify an individual using large volumes of aggregate data as a starting point. To do so would require additional information from the data providers and other sources, and a lot of detailed analysis. We do not have, or need, such additional information, and we will not attempt to identify individuals from the aggregate data we use in our scientific research.

Sometimes we may need to know – if we are allowed to do so by the providers of the data – that the same individual is present in different sets of research data, and which is the relevant data. Again, the relevant individual level data would always remain ‘de-identified’ and in some cases further ‘pseudonymised’, for instance by way of obfuscation and encryption.

DO YOU WORK DIRECTLY WITH INDIVIDUAL RESEARCH PARTICIPANTS?

Currently, in almost all cases, we do not. All the individual level data we use comes from other sources. In all cases, the data providers will have ‘de-identified’ the individual level data before we receive it. We are in the early stages of conducting our own research studies, which will be subject to research ethics committee/institutional review board approvals.

WHAT RIGHTS DO I HAVE IN RELATION TO THE USE OF DE-IDENTIFIED, INDIVIDUAL LEVEL DATA IN YOUR RESEARCH?

As members of the scientific research community, we are grateful to everyone who has participated in research. However, for legal and practical reasons (see below) individual research participants do not have any rights to directly require us to take action in respect of personal data relating to you that has been de-identified and is being used in our scientific research. We will always comply with requests from providers of individual level data (and aggregate data) to alter or stop use of such de-identified data in our research.

We could not comply with any requests made directly to us in respect of individual level data. There are two reasons for this: firstly, we do not have information in our possession to allow us to identify individuals; and, secondly, legal exemptions also apply to the use of personal data in scientific research activities such as ours.

If you are concerned about the use of individual level data that may have been made available to us by one of our sources you should contact those sources directly. You could also contact scientific researchers with whom you had direct interactions with when participating in a research study. You will probably have a consent form and/or information leaflet if you participated in such a study: contact details should be provided on such paperwork. You will have most likely have direct rights (e.g. to access, rectification, erasure, withdrawal of consent, restriction of further processing) of when dealing with them directly.

WHAT ARE THE GENOMICS PLC DATA STANDARDS?

The values described in our Data Standards underpin the conduct of our scientific research. Everyone one who works for Genomics plc must agree to work in accordance with the Data Standards. They are set out below:

Responsibility – We will use Data responsibly and in accordance with all applicable laws.

Benefit – We will use Data to try and better understand human biology in ways that can help improve healthcare, including the development and use of therapeutics.

Context – We will assume that the original providers of Data are bound by: obligations of confidentiality and privacy towards research participants; the consent given by donors of biological samples that generated Data; and conditions of approval by research ethics committees / institutional review boards for use and generation of Data in research.

Sensitivity – We will acknowledge that the sensitivity of Data depends on the nature of its use – ie. how Data may relate to other information, people, decisions and actions – rather than how we or others may categorise Data.

Purpose – We will use Data only for the purposes communicated to and permitted by the Data provider.

Anonymity – We will assume that certain Data could, either alone or in combination with other Data or associated information in our possession, identify a person. However, we will not use any Data in order to identify any individuals.

Security – We will store all Data securely; grant access only to those who need to use for Genomics plc business; and always act in accordance with company policies relevant to Data security.

Acknowledgement – We will acknowledge the sources of Data appropriately, and will always include relevant details of Data providers in any papers that we publish.

Accuracy – We will take all reasonable steps to: keep Data updated and accurate; and permanently delete and remove Data from our systems if requested to do so by a Data provider.

(In our Data Standards we use Data to mean refer to scientific data that is typically used for our company’s purposes)

WHO DO I ASK IF I HAVE ANY QUESTIONS?

Genomics has a Data Protection Officer (DPO). The DPO's contact details are:

e: dpo@genomicsplc.com or t: +44 (0)1865 981600

Please remember that because all the individual level data we have is de-identified before it is transferred to us we will not be able to tell you if we have data relating to you.

WHO DO I CONTACT IF I HAVE A COMPLAINT?

The Information Commissioner’s Office is the official regulator of personal data in the UK. You can find its contact details here: https://ico.org.uk

 

How do we use personal data about individuals for recruitment purposes?

WHAT IS THE PURPOSE OF THIS DOCUMENT? 

This privacy notice describes how we at Genomics plc (“Genomics”, “we”, “us”) - as a data controller - collect and use personal data about you. 

Specifically, it applies to you (a “Candidate”, “you”) if you are applying for, or otherwise considered for a job at Genomics using the service, powered by Ashby, Inc., for handling recruitment and simplifying the hiring process ("Ashby"). 

We process, manage, use, and protect Candidates’ personal data in accordance with this privacy notice for the purpose of managing the recruitment of people to Genomics.  

We are responsible for the processing of the personal data that Candidates contribute to Ashby, and for the personal data that we, in other ways, collect and use in Ashby.

If we decide to make you a written job offer, we will need to carry out our standard pre-employment screening checks about you. If you do receive a job offer, we will provide you with information about these checks then. 

WHAT INFORMATION DO WE USE?

We need to collect, store, and use the following categories of personal data about you during the recruitment process using Ashby:

  • Name and contact details
  • Information about your previous experience and education that you include in your CV, cover letter, your LinkedIn profile, and any other documents that you provide in the application process .
  • Application information (including interview notes and any written test records).

Only personal data that is relevant for the recruitment process is collected and processed by us.

HOW IS YOUR PERSONAL DATA COLLECTED?  

We collect personal data about you in the following ways:

  • when you make an application to Genomics through Ashby or other means, adding personal data about yourself either personally or by using a third-party source such as LinkedIn or Twitter; 
  • when you use Ashby to connect with Genomics staff; and
  • as part of any interviews you have with us

In some cases, existing Genomics employees can make recommendations about potential candidates. Such employees will add personal data about such potential candidates to Ashby. In these cases, the potential candidate is considered a Candidate in the context of this privacy notice and will be informed about the processing if we contact them about a vacancy at Genomics. 

WHAT IS THE LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA?

We use Candidates’ personal data for managing the recruitment of people to Genomics. 

Given the nature and sources of Candidates’ personal data, we rely on our legitimate interests to use personal data for these purposes. 

STORAGE AND TRANSFERS 

The personal data collected through Ashby is stored and processed in the United States.

If we need to transfer your personal data outside the EU/EEA, we will only do so where: (a) the country or territory to which we transfer the personal data has been considered by the European Commission to have an adequate level of data protection; and/or (b) the personal data will be processed by third parties that have entered into appropriate arrangements that guarantee adequate safeguards are in order to protect the rights of the data subjects whose data is transferred. For further information, please contact our Data Protection Officer. 

HOW LONG WILL YOU USE MY PERSONAL DATA FOR? 

We will retain personal data obtained in the recruitment process for two years from the date when a Candidate contacts us, or from the date when a Candidate is sourced or otherwise referred to us. 

Following the expiry or any retention permission, we will securely delete all your personal data and retain only a record of the date of your application. 

If you are successful, and become an employee, we will retain your personal data in accordance with the privacy notice that applies to our employees, a copy of which will be provided to you. 

DATA SECURITY 

We have appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data only to those involved in the hiring process at Genomics and have access to Ashby. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

Transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that Candidates also take responsibility to ensure that their data is protected. It is the responsibility of the Candidate that their login information is kept secret.

WHAT ABOUT THIRD PARTIES? 

We may need to share Candidates’ personal data with a regulator or to otherwise comply with the law. We will not sell or otherwise transfer Candidates’ personal data to third parties other than as set out below. In all cases, we will only transfer Candidates’ personal data to third parties that we have confidence in. We will carefully choose partners to ensure that Candidates’ personal data is processed lawfully. 

We may transfer Candidates’ Personal Data to our contractors and subcontractors, acting as our Processors and Sub-Processors in accordance with our instructions, for the provision of the Ashby service. 

Ashby is a data processor of Candidates’ personal data. Ashby supplies the Ashby service, server and hosting companies, resume processing companies, information-sourcing companies, analytical service companies and other companies with regards to supplying the Ashby service.

YOUR RIGHTS 

Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.
  • Complain You also have the right to make a complaint (at any time) to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee or we may refuse to comply if your request for access is clearly unfounded or excessive. 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

It is important that the personal data we hold about you is accurate and current. Please keep us informed, via Ashby or otherwise, if your personal data changes during the application process.

COOKIES

When Candidates use Ashby, information about the usage may be stored as cookies. Cookies are passive text files that are stored in the internet browser on the Candidate’s device, such as computer, mobile phone or tablet, when using Ashby. 

We use cookies to improve the Candidate’s usage of Ashby and to gather information about, for example, statistics about the usage of Ashby. This is done to secure, maintain and improve Ashby. The information that is collected through the cookies can in some instances be personal data and is, in such instances, regulated by our Cookie Policy.

Candidates can at any time disable the use of cookies by changing the local settings in their devices. Disabling of cookies can affect the experience of Ashby, for example disabling some functions in Ashby.

AGGREGATED DATA (NON-IDENTIFIABLE DATA)

We may share aggregated data to third parties. This type of data will have been compiled from information that has been collected through Ashby and can, for example, consist of statistics of internet traffic or the geological location for the use of Ashby. It does not contain any information that can be used to identify individual persons and is thus not personal data.

CHANGES

We may update this privacy notice from time to time. The latest version of the privacy notice will always be available through Ashby. A new version is considered communicated to the Candidates when the Candidate has either received an email informing the Candidate of a new version (using the email stated by the Candidate in connection to the use of Ashby) or when the Candidate is otherwise informed of a new version.

CONTACT 

Genomics has a Data Protection Officer (DPO). The DPO oversees compliance with this privacy notice. If you have any questions about this privacy notice or how we use personal data, please contact the DPO (dpo@genomicsplc.com).

We may update this notice from time to time. (Last updated: 22 March 2024)