Purpose of this Policy

Welcome to IXICO’s Privacy Policy.

You are being provided with a copy of this privacy notice because we are processing personal information about you and we consider the protection of your personal data and privacy a very important matter. This notice therefore makes you aware of how and for what purposes your personal data will be used and for how long it will usually be retained. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (GDPR).  Before you provide us with any Personal Data, you should read through this Privacy Notice in full and make sure that you are comfortable with our privacy practices.

Terms

You also acknowledge and agree that all copyright, trade marks and all other intellectual property rights in all material or content herein supplied by IXICO shall remain at all times vested in IXICO or its licensors. You are permitted to use this material or content only as expressly authorised in writing by IXICO or its licensors. You will not, and you will not assist or facilitate any third party to copy, reproduce, disseminate, distribute, commercially exploit or create derived works from such material or content.

Controller

For the purposes of applicable data protection and privacy laws, IXICO Technologies Limited with its registered offices at 4^th Floor, Griffin Court, 15 Long Lane, London EC1A 9PN, is considered the “Data Controller” in respect of the Personal Data that it collects, uses and manages in accordance with this Privacy Notice. This information may also be used by our affiliated entities and group companies, namely IXICO plc and IXICO Technologies Inc (our group companies) and so, in this notice, references to we, IXICO or us mean IXICO Technologies Limited and our group companies. IXICO plc is listed on the Alternative Investment Market (AIM) and operates in accordance with the AIM Rules.

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely.

The kind of information we hold about you

We collect various types of personal data about you and your site, including:

• general and identification information (e.g. name, email and/or postal address, contact phone numbers); and
• roles and positions (e.g. job title/function, name of company or institution); and
• IP address.

You also agree that you have obtained the consent of other Site personnel/Site staff before sharing their personal information with us.

The legal basis for IXICO processing your Personal Data

In order to comply with applicable data privacy laws, IXICO is required to set out the legal basis for the processing of your Personal Data. In accordance with the purposes for which we collect and use your Personal Data as set out above, the legal basis for IXICO processing your Personal Data will typically be one of the following:

• your consent;
• the performance of a contract that we have in place with you or other individuals or organisations;
• IXICO or our third parties’ legitimate business interests; or
• compliance with our legal obligations.

The purposes for which we process your Personal Data

We process your Personal Data for the following purposes:

• site qualification and site management activities; and
• audit purposes; and
• to comply with applicable laws and regulations.

Disclosure of your Personal Data

IXICO may share your Personal Data with people within IXICO who have a “need to know” that data for business or legal reasons. We may also share the Personal Data you submit to us with any entity within the IXICO group worldwide.  We may disclose your Personal Data to third parties in the event that we sell, buy or merge any business or assets, including to the prospective seller or buyer of such business or assets. These entities are required to maintain the confidentiality of your data and are restricted from using it for any purpose other than the purposes set out in this Policy.

We may also disclose your Personal Data to third parties including:

• IT systems providers, cloud service providers, database providers and consultants.
• Our clients where you are providing services to them on our behalf (for example, radiologists) and where they require visibility of your Personal Data for legal and regulatory purposes.

We may also use the following third-party service provider named below to process and store your data:

• SurveyMonkey which we use to manage the collection of site qualification questionnaires, conduct site training and customer satisfaction surveys. Please read their privacy policy at https://www.surveymonkey.co.uk/mp/legal/terms-of-use/#privacy

Transfers of Personal Data

Your personal information may be processed by IXICO and its trusted third party suppliers anywhere in the world, including in countries where data privacy laws may not be equivalent to or as protective as the laws in your home country. We will implement appropriate measures to ensure that your personal information remains protected and secure when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws. 

Security

IXICO takes all reasonable technical and organisational security measures to protect Personal Data from accidental or unlawful destruction, accidental loss and unauthorised access, destruction, misuse, modification or disclosure.

Records retention

Your Personal Data is not kept for longer than is necessary for the purposes for which it is collected. This means that data and records (including Personal Data) are destroyed or erased from our systems when no longer required. The amount of time that records are kept for varies depending upon the type of Personal Data they contain.

Your rights

Applicable data privacy laws give rights to individuals in respect of Personal Data that organisations hold about them.  If you wish to:

• request a copy of the Personal Data that we hold about you; or
• request that we rectify, transfer, delete or object to or restrict the processing of your Personal Data,

please submit your written request to DPO@ixico.com.

If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.

If you have an objection about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data if applicable (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don't have a good reason to continue to use it; or (d) if we haven't handled your personal data in accordance with our obligations.  However, we may apply exceptions to these rights where appropriate and in accordance with applicable law.

If you wish to exercise your rights, please provide a copy of an identity document, it being understood that we shall only use such data to verify your identity and shall not retain the scan after completion of the verification. When sending us a copy of your identity document, please make sure to redact any photographs.

Data Protection Officer

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

Contact details

Postal Address:

IXICO Technologies Limited
FAO: Data Protection Officer
4^th Floor Griffin Court
15 Long Lane
London EC1A 9PN
United Kingdom

Or by email to: 
DPO@ixico.com

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

EU Representative

Individuals and data protection supervisory authorities in the EU may contact our data protection representative according to Article 27 GDPR:

DP-Dock GmbH, Attn: IXICO

Ballindamm 39, 20095 Hamburg, Germany

www.dp-dock.com

ixico@gdpr-rep.com

Changes to the privacy policy

We reserve the right to modify or amend this Policy at any time by posting the revised Policy on our website.

Updated March 2021