Alector Pharmaceuticals Business Contacts Privacy Notice

What is the purpose of this document?

This privacy notice describes how Alector Pharmaceuticals Ltd, collects and uses personal information relating to our business contacts, which includes, without limitation representatives of entities we would like to start a business relationship with, potential and existing clients, suppliers, business associates, agents and service providers (together “Business Associates”).
This notice does not form part of any contract to provide goods or services. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you (such us our marketing and website notices), so that you are aware of how and why we are using such information.

The kind of information we hold about you

We will collect, store, and use the following categories of personal information about you:
• Personal and work contact details such as name, title, addresses, telephone numbers, and personal email addresses
• Organisation related details i.e. information about your organisation and your role within it and your job title
• Contact history such us the information we have sent you, who in our group knows you and what meetings and events you have attended
• Information that you provide to us as part of our provision of services to your business
• Information about your communication with us including requests and complaints

How is your personal information collected?

We collect personal information about you in the following ways:
• From the company that employs you
• Directly from you, such as information about you that you give us by corresponding with us by phone, e-mail, post, fax or otherwise. It also includes information you provide to us at events. It also includes information you provide to us at events, by giving us your business card or completing registration forms
• From third parties, such as information received from our business partners, any of our existing clients, sub-contractors, advertising networks, analytics providers
• From any publicly available sources including social media or company websites, advertisements, tender notices

How we will use information about you

We will use your personal information in the following circumstances:
• Where we need to perform the contract, we have entered into with the business you represent
• Where we need to provide you with the information, products and/or services that you request from us
• Where we need to comply with a legal obligation.
• We may in some circumstances rely on your consent. In those circumstances, we will specifically ask whether you agree to us using your data in specified ways. You can withdraw your consent and ask us to delete your information at any time – please see section 10
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

The legitimate interests we are pursuing are:
• Most commonly, we will use personal data to establish, manage and maintain our relationship with our Business Associates. This includes activities such as letting you know about our services, contacting you with billing enquiries, inviting you to events or asking you about the sort of services your business is interested in
• To open a new client account in our database which will include your contact details in your capacity as a client representative
• To communicate with you so as to fulfil our obligations towards our Business Associates
• To maintain our contact data base and update our records for an effective communication with any public authorities
• Dealing with legal disputes involving you or the Business Associate you are representing

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Data sharing

We may share your data with third parties, including third-party service providers where required by law, where it is necessary to administer the working relationship with your business or where we have another legitimate interest in doing so. Specifically, we will share data with Marathon Distributors Ltd, which handles the Company’s storage and distribution of products. Moreover, we may share your data with mail forwarders, such as Kronos Express and KVC Office Systems Ltd, where we are required by law to inform you of pharmacovigilance matters or for fulfilling our obligations towards Transfer of Value matters.
We require third parties to respect the security of your data and to treat it in accordance with the law.

Transferring information outside the EU

We share your personal data with Rocket Science Group (MailChimp), which is based in the US, for the purposes of carrying out marketing activities concerning new product launches, product withdrawals and updating you about important information regarding the Company’s products. This will involve transferring your data outside the European Economic Area (EEA). Not all countries provide the same level of protection in relation to personal information as within the EEA. Where necessary to make such transfers, we will comply with our legal and regulatory obligations in relation to the personal information. This will include having a lawful basis for transferring personal information and putting appropriate safeguards in place to ensure an adequate level of protection for the personal information.

MailChimp participates in and has certified its compliance to the Privacy Shield framework, which regulates US providers and requires them to offer similar protection to personal data shared between Europe and the US.

Please contact us for further information on the specific mechanisms we use when transferring your personal data out of the EEA.

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. If you are a representative of one of our clients or potential clients, this means that we will normally keep your personal data while you or your employer have an ongoing relationship with us. You may access our Data Retention Policy on our website here. You can also request that we delete your data earlier, as explained in section 9 below. We will delete or remove your data where there is no good reason for us continuing to process it.

Automated decision making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We do not use automated decision-making or profiling to make any decisions that will significantly affect you. For example, we do not use it to set the prices that we charge for our products and services. However, we will notify you in writing if this position changes.

Rights of Access, Correction, Erasure and Restriction

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below)
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
• Request the transfer of your personal information to another party
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at [email protected]

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us at [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Contact details

If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection Team at [email protected]. You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance.