Privacy & Cookie Policy

WHO ARE WE?
BenevolentAI   Ltd   and   its   subsidiary   entities  (“Benevolentai Bio Ltd; BenevolentAI   Cambridge   Ltd;   BenevolentAI   Technology   Ltd”, “BenevolentAI Group”, “We”, “Us”; together referred to as “BAI Group”) is   a   company   that   creates   and   applies   artificial   intelligence   (AI) technologies   to   transform   the   way   medicines   are   discovered   and developed.   At   BenevolentAI,   we   seek   to   improve   patient’s   lives   by applying technology designed to generate better data decision making and in doing so lower drug development costs, decrease failure rates and increase the speed at which medicines are generated.

BAI Group is committed to conducting its businesses in accordance withall   applicable   Data   Protection   laws   and   regulations   in   line   with   the highest standards of ethical conduct. This privacy notice set forth the expected behaviours of BAI Group practices in relation to the collection,use,   retention,   transfer,  disclosure   and   destruction   of   Personal   Data belonging to all BAI Group contacts (i.e. the Data Subjects).

BAI Group strive to ensure continued and effective implementation of this policy and expects all stakeholders to share this commitment.  This policy   (together   with   our  [“Terms”] of use and any other document referred to on it) sets out the basis on which any Personally Identifiable Information (PII) we hold are processed.

Please read the following carefully to understand our views and practices regarding your Personal Data and how it’s processed. If you have anyconcerns or need further information, our Data Protection Compliance Manager can be contacted directly with the details below:

Data Protection Officer, BenevolentAI Ltd,4-8 Maple Street, London, W1T 5HD United Kingdom Phone: +44 (0)2037 819 360 Email: DPO@benevolent.ai
Data type (that we may hold at any time)
Processors/Collaborators
  • Names
  • Home address
  • Email address
  • Phone number
  • Date of birth
  • NI / SS Number
  • Passport Number
  • Bank Account details
  • Other Credit Information (where necessary)
SOURCE (obtained data from)
  • Job Agencies
  • Internal referral
  • Online
  • Onsite visitors’ registration system
  • Direct email messages
  • Direct phone calls
Pseudonymous / Patient Level Data Sets
  • De-identified data sets
  • De-identified patient level data
  • Human tissues and blood samples
  • Data banks/Suppliers
  • Collaborators/Institutions
  • CROs
Suppliers/Investors/ Partners Information
  • Supplier/Vendor/Contact ID
  • Email address
  • Company Physical Addresses
  • Company Contact Information
  • Name
  • Home Addresses
  • Phone number
  • Financial Information
  • Bank account
  • Onsite visits
  • Direct email messages
  • Phone calls
Technical information we may collect:
  • Internet Browsing
  • Activity data, such as when you completed a form on this website
  • Information from your visits to this website, including the type of browser and operating system you use,
  • Access times, pages viewed, URLs clicked on, your IP address and the pages you visited
  • Tracking pixels that allow platforms such as Facebook and Twitter to interact with this website and give feedback on your actions; and
  • Device information, including the unique device identifier, hardware model, operating system and version and mobile network information
  • Cookies / Online contact forms / Social Media platforms
PURPOSE FOR PROCESSING
Our use of personal data
  • Drug Discovery
  • Accounting and Payroll
  • Recruitment
  • Health and Safety/Security purposes
  • Statistical analysis
  • Compliance with legislations (e.g. HMRC)
  • To help BAI Group improve services
Legal basis for processing
  • Contractual obligations
  • Public Interest
  • Scientific or historical research purposes
Legitimate interests pursued by us, or third parties
  • Accounting and payroll system
  • Administration and record keeping
  • Contractual administrative purposes
  • Regulatory compliance
We source data from providers from time to time which may be combined with information you give to us and information we collect about you. We may use this information and the combined data for the purposes set out in this privacy notice (depending on the types of data we have received).

Pseudonymised Datasets
We collect pseudonymised datasets from data suppliers, CROs and collaborators for internal research purposes.

Clinical Trial Data
We work with vetted CROs and test centres from time to time who provide participant’s pseudonymised data for use in our clinical trials and research.

From   time   to   time,   these   processing   may   involve   special   category personal health data. BAI Group relies on the exception under Article 6(1)(f); Article 9(2)(i)(j); Article 89(1) Legitimate Interests,  Scientific or Historical Research Purposes and Schedule(1), Part (1) sections 10 and 19 of the Data Protection Act 2018 (DPA 2018) as our lawful basis for processing.
When you subscribe to BAI Group’s newsletter, we will ask for your:
  • Names
  • Email address, and
  • Any other content preferences that can help tailor our messages to your interests
Our use and storage of your data is based on your consent. This means you will receive tailored communication and updates regarding our upcoming events, products, services or opportunities from time to time. You can withdraw your consent or change your preference at any time, by following the ‘Unsubscribe' link on any of our emails or contacting us at hello@benevolent.ai

Event attendees When you register to attend one of our events (including via any of our third-party provider), we will ask for your:
  • Names
  • Email address, and
  • Any other relevant information as determined on an event-by-event basis; such as, job title or work-related email address.
We will collect this information when you enrol to attend an event. Our use and storage of these data is based on your consent. We use the data solely for the purposes of administering the event. We may be required to share such data with third-party organisations where necessary to administer the event effectively.

We often take photographs at our events and those photos may be used on our website, social media, newsletters or other internal or external communications. Please contact us if you have any question or concern regarding the use such photographs at any time. If you are a speaker at one of our events, we may promote your participation via platforms such as Twitter, LinkedIn and by marketing emails. External platforms may continue to store and use personal information after the event has ended.

When you unsubscribe, your personal data will be automatically removed from the newsletter distribution system. We use MailChimp to provide this service and they process your personal data on our behalf. You can read the MailChimp privacy notice here. MailChimp operate in the United States, so your information is transferred to, stored and processed in the United States. MailChimp is deemed to have technical and organisational measure in place to ensure the security of your personal data and they are compliant with the EU-US Privacy Shield framework. You can view their certification here.
We rely on Contractual, Legitimate Interest and Legal Obligation as the lawful basis on which we collect and use your personal data. We use your data to provide you with information about our products, services and to improve those products and services. We will also use your data to notify you about changes and events and to ensure that content on our website is presented in the most effective manner for you and your computer.

Data Disclosure All the information we collect from you are used for administrative (HR) and drugs discovery purposes. If there’s a need to disclose your personal data to other third parties for new purposes outside the scope or are materially different from that for which they were originally collected, BAI Group will ensure that your rights and freedom are not undermined and where applicable, give you the opportunity to decide if your Data should be processed in such manner. However, note that in certain circumstance where BAI Group might be required to disclose your data in response to lawful requests by public authorities, to meet national security, law enforcement or investigations, we will oblige accordingly.

Data Storage We take appropriate technical and organisational measures to ensure all personal data is kept secured including security measures to prevent personal data from being accidentally collected, recorded, organised, structured, stored, altered, retrieved, consulted, used, disclosed by transmission, disseminated or otherwise made available, aligned or combined, restricted, erased or destroyed in an unauthorised way. We limit access to your personal data to those who have a genuine business need and duly trained for such processing. Those processing your information will do so only in an authorised manner that ensures confidentiality and accountability. We also have procedures in place to deal with any suspected data security breach. We will notify you and all applicable regulators of a suspected data security breach where we are legally required to do so within 72 hours.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means outside the scope of this policy, therefore any of such transmission remains at your own risk as the transmission of information via the internet is not completely secure.

Where We Store Data Your personal information may be stored by BAI Group and its affiliated/trusted third party suppliers within and outside the EEA. Data privacy laws in the countries to which your personal information is transferred may be deemed inadequate under the EU regulations. In all cases, BAI Group implement appropriate measures to ensure your personal data remains protected and secure in compliance with applicable data protection and privacy laws. These measures include data transfer agreements/contracts, implementing standard data protection clauses, or Binding Corporate Rules.
Your personal data will be retained for as long as necessary to perform the purposes for which they were collected as set out in this Privacy Notice. This mean that your data will be kept for the duration of our relationship with you and in line with the requirements of applicable laws, regulations and, or licenses, including for the purposes of satisfying any legal, regulatory, accounting, tax or reporting requirements. For further information, contact our Data Protection officer at: DPO@benevolent.ai
Rights relating to the processing of your Personal Data

The Data Protection Act 2018 (DPA), the General Data Protection Regulation (GDPR) and PERC provide you with specific rights relating to your personal data that BAI Group holds and process at any given time. These rights include:
  • Right to Access (Subject Access Request)
  • Right to be Informed (Privacy Notices)
  • Right to Object to Processing
  • Right to Rectification
  • Right to Erasure (Right to be Forgotten)
  • Right to Restrict Processing
  • Right to Data Portability
  • Rights related to Automated Decision-Making including Profiling
Data Subject Access Request: You can request access to the data we hold about you using the contact details set our below.

Requests Should Include:
  • Two proof of identification:
  • one photographic ID (a copy of your passport or driving license)
  • one proof of address (a recent bill or financial statement showing your current address)
Subject Access Requests should be addressed to:

Data Protection Officer: BenevolentAI Ltd 4-8 Maple Street, London, W1T 5HD United Kingdom Phone: +44 (0)2037 819 360 Email: DPO@benevolent.ai

We are obliged by the governing regulations to respond promptly to your request and in any event within one month of receipt. Exception may apply for an extended period of two months if request proves particularly complex in nature, in which case you will be duly informed.

Note: If we should need additional information to identify, validate and/or locate the information requested, we will contact you and wait for your response before we are able to process your request.
Following the recent invalidation of the EU-US Privacy Shield, BenevolentAI Group have implemented the Standard Contractual Clauses (SCC) as our lawful basis for data transfer.

We comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. We are also subject to investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Independent Recourse Mechanism (IRM) In compliance with the Privacy Shield Principles, BAI commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Us at:
London, UK office
Data Protection Compliance Manager
BenevolentAI Ltd
4 - 8 Maple Street,
London W1T 5HD, United Kingdom
Phone: +44 (0)2037 819 360 (Monday – Friday)
Email: DPO@benevolent.ai
New York, USA Office
Benevolent Technology,
Inc.1 Dock 72 Way, 7th Floor,
Brooklyn, NY 11205
United States
Phone: +1 (929) 295-6550 (Monday – Friday)
Email: DPO@benevolent.ai

We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data, de-identified/pseudonymised data sets and de-identified/pseudonymised patient level data, tissues/blood samples that may be transferred from the EU in the context of employment relationship, business operations and scientific research purposes.

We are committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of employment relationship. As an EU Persons, you have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information on this Framework, refer to the Privacy Shield website at: https://www.privacyshield.gov/EU-US-Framework

Under the Privacy Shield Policy, you have the rights to personal information that BAI Group holds about you as stated in “Your Rights” session above if it has been processed in violation of the Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests can be sent to us using the contact information set out above.

Disclosure Under the Privacy Shield Framework
As stated in our disclosure commitment above, your Personal Data are used solely for administrative (HR) purposes and you will be duly informed if your personal information is to be shared with other third parties for a new purpose outside the scope or is materially different from that for which it was originally collected. We will give you the opportunity to choose whether to have your Personal Data disclosed or opt-out. However, note that in certain circumstance where BAI Group might be required to disclose your Personal Information in response to lawful requests by public authorities, to meet national security or law enforcement or investigations, we will oblige accordingly.

Onward Transfers to Third Parties Before any onward transfer of your Personal Data to third parties, we will ensure measures are in place that meets the level of security appropriate to such onward transfer in terms of contract (SCCs/BCRs) or agreement as appropriate to ensure adequacy in line with the provision of the Privacy Shield Principles. We will ensure that any third party receiving such Personal Information from us has entered into a written agreement or contract with Us requiring that such third party provide at least the same level of privacy protection as the Privacy Shield Principles.We remain responsible and liable under the Privacy Shield tenets, if any such third-party processes such Personal Information in a manner inconsistent with the terms of this policy, unless BAI can prove that it is not responsible for the event leading to any breach. We will ensure that the third-party notify Us if it makes a determination that it can no longer meet the stated terms. The contract shall provide that when such a determination is made, they cease processing or take reasonable and appropriate steps to remediate so as to align the Privacy Shield Principles.
What Are Cookies? Cookies are small text files which may be placed place on your computer or other devices when you visit our website. The cookie will help us recognise your device the next time you visit. We use the term “cookies” in this policy to refer to all files that collect information in this way. Cookies serve many functions. For example, they can help us to remember your preferences, browsing history and analyse how well our Site is performing, which then allow us to recommend content we believe will be most relevant to you.

Use of cookies
Universal Analytics (Google)
Name
Description
Duration
_ga
Registers a unique ID that is used to generate statistical data on how visitors use the website
2 years
_gat
Used by Google Analytics to throttle request rate
1 day
_gid
Registers a unique ID that is used to generate statistical data on how visitors use website
1 day
Google
Name
Description
Duration
_test_cookie
Helps to re-engage website visitors
1 day
Squarespace
Name
Description
Duration
crumb (necessary)
Prevents cross-site request forgery (CSRF). CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in
Session
test (necessary)
Investigates if the browser supports cookies and prevents errors
Session
ss_cvisit (analytics)
Identifies unique visitors and tracks a visitor’s sessions on a site
30 minutes
ss_cvt (analytics)
Identifies unique visitors and tracks a visitor’s sessions on a site
30 minutes
Hotjars
Name
Description
Duration
_hjid (htttp)
Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID
365 days
_hjid (html)
Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID
Persistent
_hjidcludedlnSample
Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels
365 days
LinkedIn
Name
Description
Duration
bcookie
Used by the social networking service, LinkedIn for tracking the use of embedded services
2 years
bscookie
Used by the social networking service, LinkedIn for tracking the use of embedded services
2 years
Youtube
Name
Description
Duration
VISITOR_INFO1_LIVE*
A cookie that YouTube sets that measures your bandwidth to determine whether you get the new player interface or the old
179 days
YSC
This cookie is set by the YouTube video service on pages with embedded YouTube video
Session
yt-remote-cast-installed
Stores the user's video player p references using embedded YouTube video
Session
yt-remote-connected-devices
Stores the user's video player p references using embedded YouTube video
Persistent
yt-remote-device-id
Stores the user's video player p references using embedded YouTube video
Persistent
yt-remote-fast-check-period
Stores the user's video player p references using embedded YouTube video
Session
yt-remote-session-app
Stores the user's video player p references using embedded YouTube video
Session
yt-remote-session-name
Stores the user's video player p references using embedded YouTube video
Session
Lawful Basis: We rely on your consent as the lawful basis for deploying cookies. We use cookies to track and analyse visitor’s usage of our website which help enhance the functionality of the website and provide content tailored to preferred areas of interest.

How to Delete and Block Our Cookies: You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Unless you have adjusted your browser setting so that it automatically refuses cookies, our system may issue cookies as soon as you visit our website.

Can I Withdraw My Consent? Yes, this is totally in your control. Whenever you wish to withdraw your consent, just delete your cookies history using your internet browser settings. If you wish to avoid the deployment of cookies on your system, you can refuse to accept cookies in your browser. Check your browser manual to see how this works in detail.

How to Turn Cookies Off: Internet browsers allow you to change your cookie settings. These settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser. In order to understand these settings, the following links may be helpful. Otherwise you should use the ‘Help’ option in your internet browser for more details.

Cookie Control
Apple Safari
Google Chrome
Microsoft Edge
Microsoft Internet Explorer
Mozilla Firefox
Opera

To Know More About Cookies:
You can contact us directly for more detail regarding the use of cookies: Data Protection Compliance Manager BenevolentAI Ltd, 4-8 Maple Street, London, W1T 5HD Phone: +44 (0)2037 819 360 Email: Compliancehelpdesk@benevolent.ai

Other Websites Our website may contain links to other websites from time to time. Note that this privacy policy only applies to this website (https://benevolent.ai/). Whenever you are redirected or linked to other websites, ensure you read and understand their privacy policies on their use of your personal data before consenting. we do not accept any responsibility or liability for external policies.
For concerns or questions about our privacy policy or how we process your data, contact our:

London, UK Office
Data Protection Compliance Manager
BenevolentAI Ltd
4 - 8 Maple Street,
London W1T 5HD, United Kingdom
Phone: +44 (0)2037 819 360 (Monday – Friday)
Email: DPO@benevolent.ai
New York, USA Office
Benevolent Technology, Inc.
1 Dock 72 Way, 7th Floor,
Brooklyn, NY 11205
United StatesPhone: +1 (929) 295-6550 (Monday – Friday)
Email: DPO@benevolent.ai

We do believe we can resolve any query or concern you may raise about our use of your Personal Information. The UK Data Protection Act 2018, the General Data Protection Regulation and the Privacy and Electronics Communications Regulation gives you the right to lodge a complaint with a supervisory authority, in particular within the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws may have occurred.

The Information Commissioner (ICO) is the supervisory authority for UK and may be contacted at:

Online: http://ico.org.uk/concerns/

Telephone: 0303 123 1113.


At BenevolentAI, we keep our privacy policy under regular review to continuously capture each emerging requirement. We will place any updates on this webpage.

Last updated: September 2020