Business Partner and Supplier Privacy Notice

What is the purpose of this Privacy Notice?

Welcome to IXICO’s Business Partner and Supplier Privacy Notice.

You are being provided with a copy of this privacy notice because we are processing personal information about you and we consider the protection of your personal data and privacy a very important matter. This notice therefore makes you aware of how and for what purposes your personal data will be used and for how long it will usually be retained. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).

Before you provide us with any Personal Data, you should read through this Privacy Notice in full and make sure that you are comfortable with our privacy practices.

Controller

For the purposes of applicable data protection and privacy laws, IXICO Technologies Limited with its registered offices at 4th Floor, Griffin Court, 15 Long Lane, London EC1A 9PN, is considered the “Data Controller” in respect of the Personal Data that it collects, uses and manages in accordance with this Privacy Notice. This information may also be used by our affiliated entities and group companies, namely IXICO plc and IXICO Technologies Inc (our group companies) and so, in this notice, references to we, IXICO or us mean IXICO Technologies Limited and our group companies. IXICO plc is listed on the Alternative Investment Market (AIM) and operates in accordance with the AIM Rules.

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

The kind of information we hold about you

We collect various types of personal data about you, including:

  • your general and identification information (e.g. name, gender, date of birth, email and/or postal address, contact phone numbers);
  • your role and position (e.g. job title/function, name of company or institution) and for radiologists, professional qualifications, registration to practice and associated certifications, curriculum vitae;
  • payment information (e.g. bank account details, tax information);
  • results of debarment checks - for example results arising from checks conducted on the Food and Drug Administration Debarment List and the Office of Inspector General Excluded Individuals/Entities database.
  • Declarations of interest to manage and prevent conflicts of interest.

The legal basis for IXICO processing your Personal Data

In order to comply with applicable data privacy laws, IXICO is required to set out the legal basis for the processing of your Personal Data. In accordance with the purposes for which we collect and use your Personal Data as set out above, the legal basis for IXICO processing your Personal Data will typically be one of the following:

  • your consent;
  • the performance of a contract that we have in place with you or other individuals or organisations;
  • IXICO or our third parties’ legitimate business interests; or
  • compliance with our legal obligations.

The purposes for which we process your Personal Data

We process your Personal Data for the following purposes:

  • to manage our relationship with you including invoicing for services rendered;
  • to preserve IXICO’s economic interests and ensure compliance and reporting (such as complying with our policies, our legal obligations to our clients and local legal requirements, tax and deductions, managing alleged cases of misconduct or fraud; conducting audits and defending litigation);
  • other business-related purposes, including negotiating, concluding and performing contracts, managing accounts and records, supporting corporate social responsibility activities, legal, regulatory and internal investigations and debt administration;
  • determining whether a contractor or consultant is in deemed employment under the off-payroll working rules;
  • manage mergers and acquisitions involving IXICO; 
  • audit purposes; and
  • to comply with applicable laws and regulations.

Disclosure of your Personal Data

IXICO may share your Personal Data with people within IXICO who have a “need to know” that data for business or legal reasons, for example, in order to carry out an administrative function such as processing an invoice, or managing a contractual relationship with you. We may also share the Personal Data you submit to us with any entity within the IXICO group worldwide.  We may disclose your Personal Data to third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets. These entities are required to maintain the confidentiality of your data and are restricted from using it for any purpose other than the purposes set out in this Policy.

We may also disclose your Personal Data to third parties including:

  • IT systems providers, cloud service providers, database providers and consultants.
  • Our clients where you are providing services to them on our behalf (for example, radiologists) and where they require visibility of your Personal Data for legal and regulatory purposes.
  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.

Transfers of Personal Data

Your personal information may be processed by IXICO and its trusted third party suppliers anywhere in the world, including in countries where data privacy laws may not be equivalent to or as protective as the laws in your home country.

We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws.  These measures include data transfer agreements implementing standard data protection clauses.

Security

IXICO takes all reasonable technical and organisational security measures to protect Personal Data from accidental or unlawful destruction, accidental loss and unauthorised access, destruction, misuse, modification or disclosure.

Records retention

Your Personal Data is not kept for longer than is necessary for the purposes for which it is collected. This means that data and records (including Personal Data) are destroyed or erased from our systems when no longer required. The amount of time that records are kept for varies depending upon the type of Personal Data they contain.

Your rights

Applicable data privacy laws give rights to individuals in respect of Personal Data that organisations hold about them.  If you wish to:

  • request a copy of the Personal Data that we hold about you; or
  • request that we rectify, transfer, delete or object to or restrict the processing of your Personal Data,

please submit your written request to DPO@ixico.com.

Where you have consented to us using your personal data, you can withdraw that consent at any time.

If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.

If you have an objection about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don't have a good reason to continue to use it; or (d) if we haven't handled your personal data in accordance with our obligations.

If you wish to exercise your rights, please provide a copy of an identity document, it being understood that we shall only use such data to verify your identity and shall not retain the scan after completion of the verification. When sending us a copy of your identity document, please make sure to redact any photographs.

Data Protection Officer

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact details

Postal Address:

IXICO Technologies Limited
FAO: Data Protection Officer
4th Floor Griffin Court
15 Long Lane
London EC1A 9PN
United Kingdom

Or by email to: 
DPO@ixico.com

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

EU Representative

Individuals and data protection supervisory authorities in the EU may contact our data protection representative according to Article 27 GDPR:

DP-Dock GmbH, Attn: IXICO

Ballindamm 39, 20095 Hamburg, Germany

www.dp-dock.com

ixico@gdpr-rep.com

Changes to the privacy policy

We reserve the right to modify or amend this Policy at any time by posting the revised Policy on our website.

 

Updated March 2021