Privacy and Cookies Policy

WHO ARE WE?

We are an AI company with end-to-end capability from early drug discovery to late-stage clinical development. BenevolentAI combines the power of computational medicine and advanced AI with the principles of open systems and cloud computing to transform the way medicines are designed, developed, tested and brought to market.

OUR COMMITMENTS

BenevolentAI Limited and its subsidiary entities (“BenevolentAI Group”,’We”, “Us” BAI Group) is committed to conducting its businesses in accordance with all applicable Data Protection laws and regulations inline with the highest standards of ethical conduct. This privacy notice setforth the expected behaviours of BAI Group practices in relation to thecollection, use, retention, transfer, disclosure and destruction of Personal Data belonging to all BAI Group contacts (i.e. the Data Subjects).

BAI Group strive to ensure continued and effective implementation of this policy and expects all stakeholders to share this commitment. This policy (together with our “Terms” of use and any other document referred to on it) sets out the basis on which any Personally Identifiable Information (PII) we hold are processed.

Please read the following carefully to understand our views and practices regarding your Personal Data and how it’s processed. If you have anyconcerns or need further information, our Data Protection Compliance Manager can be contacted directly with the details below:

Data Protection Compliance Manager, BenevolentAI Ltd,4-8 Maple Street, London, W1T 5HD United Kingdom Phone: +44 (0)2037 819 360 Email: Compliancehelpdesk@benevolent.ai

YOUR PERSONAL DATA

Information we may collect: We may collect and process some or all of the following types of Personal Data:

Data type (that we may hold at any time) SOURCE (obtained data from)
Processors/Collaborators
  • Names
  • Home address
  • Email address
  • Phone number
  • Date of birth
  • NI / SS Number
  • Passport Number
  • Bank Account details
  • Other Credit Information (where necessary)
  • Job Agencies
  • Internal referral
  • Online
  • Onsite visitors’ registration system
  • Direct email messages
  • Direct phone calls
Pseudonymous / Patient Level Data Sets
  • De-identified data sets
  • De-identified patient level data
  • Human tissues
  • Data banks/Suppliers
  • Collaborators/Institutions
  • CROs
  • Processors/Suppliers/Investors/PartnersInformation
    • Supplier/Vendor/Contact ID
    • Email address
    • Company Physical Addresses
    • Company Physical Addresses
    • Name
    • Home Addresses
    • Phone number
    • Financial Information
    • Bank account
    • Onsite visits
    • Direct email messages
    • Phone calls
    • Technical information we may collect:
      • Internet Browsing
      • Activity data, such as when you completed a form on this website
      • Information from your visits to this website, including the type of browser and operating
      • Access times, pages viewed, URLs clicked on, your IP address and the pages you visited
      • Tracking pixels that allow platforms such as Facebook and Twitter to interact with this website and give feedback on your actions; and
      • Device information, including the unique device identifier, hardware model, operating system and version and mobile network information
      • Cookies / Online contact forms / Social Media platforms

      PURPOSE FOR PROCESSING

      Our use of personal data Legal basis for processing Legitimate interests pursued by us, or third parties
      • Accounting and Payroll
      • Recruitment
      • Health and Safety/Security purposes
      • Statistical analysis
      • Compliance with legislations (e.g. HMRC)
      • To help BAI Group improve services
      • Contractual obligation
      • consent
      • Accounting and payroll system
      • Administration and record keeping
      • Contractual administrative purposes

      DATA FROM OTHER SOURCES

      We source data from providers from time to time which may be combined with information you give to us and information we collect about you. We may use this information and the combined data for the purposes set out in this privacy notice (depending on the types of data we have received).

      Pseudonymised Datasets

      We collect pseudonymised datasets from data suppliers, CROs and collaborators for internal research purposes.

      Clinical Trial Data

      We work with vetted CROs and test centres from time to time who provide participant’s pseudonymised data for use in our clinical trials.

      NEWSLETTER SUBSCRIBERS

      When you subscribe to BAI Group’s newsletter, we will ask for your:

      • Names
      • Email address, and
      • Any other content preferences that can help tailor our messages to your interests

      Our use and storage of your data is based on your consent. This means you will receive tailored communication and updates regarding our upcoming events, products, services or opportunities from time to time. You can withdraw your consent or change your preference at any time, by following the ‘Unsubscribe’ link on any of our emails or contacting us at hello@benevolent.ai

      Event attendees When you register to attend one of our events (including via any of our third-party provider), we will ask for your:

      • Names
      • Email address, and
      • Any other relevant information as determined on an event-by-event basis; such as, job title or work-related email address.

      We will collect this information when you enrol to attend an event. Our use and storage of these data is based on your consent. We use the data solely for the purposes of administering the event. We may be required to share such data with third-party organisations where necessary to administer the event effectively.

      We often take photographs at our events and those photos may be used on our website, social media, newsletters or other internal or external communications. Please contact us if you have any question or concern regarding the use such photographs at any time. If you are a speaker at one of our events, we may promote your participation via platforms such as Twitter, LinkedIn and by marketing emails. External platforms may continue to store and use personal information after the event has ended.

      When you unsubscribe, your personal data will be automatically removed from the newsletter distribution system. We use MailChimp to provide this service and they process your personal data on our behalf. You can read the MailChimp privacy notice here. MailChimp operate in the United States, so your information is transferred to, stored and processed in the United States. MailChimp is deemed to have technical and organisational measure in place to ensure the security of your personal data and they are compliant with the EU-US Privacy Shield framework. You can view their certification here.

      HOW WE PROCESS YOUR PERSONAL DATA

      We rely on Contractual, Legitimate Interest and Legal Obligation as the lawful basis on which we collect and use your personal data. We use your data to provide you with information about our products, services and to improve those products and services. We will also use your data to notify you about changes and events and to ensure that content on our website is presented in the most effective manner for you and your computer.

      Data Disclosure All the information we collect from you are used for administrative (HR) and drugs discovery purposes. If there’s a need to disclose your personal data to other third parties for new purposes outside the scope or are materially different from that for which they were originally collected, BAI Group will ensure that your rights and freedom are not undermined and where applicable, give you the opportunity to decide if your Data should be processed in such manner. However, note that in certain circumstance where BAI Group might be required to disclose your data in response to lawful requests by public authorities, to meet national security, law enforcement or investigations, we will oblige accordingly.

      Data Storage We take appropriate technical and organisational measures to ensure all personal data is kept secured including security measures to prevent personal data from being accidentally collected, recorded, organised, structured, stored, altered, retrieved, consulted, used, disclosed by transmission, disseminated or otherwise made available, aligned or combined, restricted, erased or destroyed in an unauthorised way. We limit access to your personal data to those who have a genuine business need and duly trained for such processing. Those processing your information will do so only in an authorised manner that ensures confidentiality and accountability. We also have procedures in place to deal with any suspected data security breach. We will notify you and all applicable regulators of a suspected data security breach where we are legally required to do so within 72 hours.

      Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means outside the scope of this policy, therefore any of such transmission remains at your own risk as the transmission of information via the internet is not completely secure.

      Where We Store Data Your personal information may be stored by BAI Group and its affiliated/trusted third party suppliers within and outside the EEA. Data privacy laws in the countries to which your personal information is transferred may be deemed inadequate under the EU regulations. In all cases, BAI Group implement appropriate measures to ensure your personal data remains protected and secure in compliance with applicable data protection and privacy laws. These measures include data transfer agreements/contracts, implementing standard data protection clauses, or Binding Corporate Rules.

      HOW LONG WE RETAIN YOUR PERSONAL DATA

      Your personal data will be retained only for as long as reasonably necessary for the purposes set out in this Privacy Notice in accordance with applicable laws, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

      YOUR RIGHTS and ACCESS REQUEST

      Rights relating to the processing of your Personal Data The Data Protection Act 2018 (DPA), the General Data ProtectionRegulation (GDPR) and PERC provide you with specific rights relating toyour personal data that BAI Group holds and process at any given time.These rights include:

      • Right to Access (Subject Access Request)
      • Right to be Informed (Privacy Notices)
      • Right to Object to Processing
      • Right to Rectification
      • Right to Erasure (Right to be Forgotten)
      • Right to Restrict Processing
      • Right to Data Portability
      • Rights related to Automated Decision-Making including Profiling

      Data Subject Access Request: You can request access to the data we hold about you using the contact details set our below.

      Requests Should Include:

      • Two proof of identification:
        • one photographic ID (a copy of your passport or driving license)
        • one proof of address (a recent bill or financial statementshowing your current address)

      Subject Access Requests should be addressed to:

      Data Protection Compliance ManageR: BenevolentAI Ltd 4-8 Maple Street, London, W1T 5HD United Kingdom Phone: +44 (0)2037 819 360 Email: Compliancehelpdesk@benevolent.ai

      We are obliged by the governing regulations to respond promptly to your request and in any event within one month of receipt. Exception may apply for an extended period of two months if request proves particularly complex in nature, in which case you will be duly informed.

      Note: If we should need additional information to identify, validate and/or locate the information requested, we will contact you and wait for your response before we are able to process your request.

      EU-US PRIVACY SHIELD FRAMEWORK

      We comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. We are also subject to investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

      Independent Recourse Mechanism (IRM) In compliance with the Privacy Shield Principles, BAI commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Us at:

      London, UK Office New York, USA Office
      Data Protection Compliance Manager

      BenevolentAI Ltd

      4 - 8 Maple Street,

      London W1T 5HD, United Kingdom

      Phone: +44 (0)2037 819 360 (Monday – Friday)

      Email: Compliancehelpdesk@benevolent.ai

      Benevolent Technology, Inc.

      1 Dock 72 Way, 7th Floor,

      Brooklyn, NY 11205

      United States

      Phone: +1 (929) 295-6550 (Monday – Friday)

      Email: Compliancehelpdesk@benevolent.ai

      We have further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.

      We are committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of employment relationship. As an EU Persons, you have the option to select binding arbitration under the Privacy Shield Panel for the resolution of your complaint under certain circumstances. For further information on this Framework, refer to the Privacy Shield website at: https://www.privacyshield.gov/EU-US-Framework

      Under the Privacy Shield Policy, you have the rights to personal information that BAI Group holds about you as stated in “Your Rights” session above if it has been processed in violation of the Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests can be sent to us using the contact information set out above.

      Disclosure Under the Privacy Shield Framework As stated in our disclosure commitment above, your Personal Data are used solely for administrative (HR) purposes and you will be duly informed if your personal information is to be shared with other third parties for a new purpose outside the scope or is materially different from that for which it was originally collected. We will give you the opportunity to choose whether to have your Personal Data disclosed or opt-out. However, note that in certain circumstance where BAI Group might be required to disclose your Personal Information in response to lawful requests by public authorities, to meet national security or law enforcement or investigations, we will oblige accordingly.

      Onward Transfers to Third Parties Before any onward transfer of your Personal Data to third parties, we will ensure measures are in place that meets the level of security appropriate to such onward transfer in terms of contract (SCCs/BCRs) or agreement as appropriate to ensure adequacy in line with the provision of the Privacy Shield Principles. We will ensure that any third party receiving such Personal Information from us has entered into a written agreement or contract with Us requiring that such third party provide at least the same level of privacy protection as the Privacy Shield Principles.

      We remain responsible and liable under the Privacy Shield tenets, if any such third-party processes such Personal Information in a manner inconsistent with the terms of this policy, unless BAI can prove that it is not responsible for the event leading to any breach. We will ensure that the third-party notify Us if it makes a determination that it can no longer meet the stated terms. The contract shall provide that when such a determination is made, they cease processing or take reasonable and appropriate steps to remediate so as to align the Privacy Shield Principles.

      What Are Cookies? Cookies are small text files which may be placed place on your computer or other devices when you visit our website. The cookie will help us recognise your device the next time you visit. We use the term “cookies” in this policy to refer to all files that collect information in this way. Cookies serve many functions. For example, they can help us to remember your preferences, browsing history and analyse how well our Site is performing, which then allow us to recommend content we believe will be most relevant to you.

      Use of Cookies

      Universal Analytics (Google)

      Name Description Duration

      _ga

      Registers a unique ID that is used to generate statistical data on how visitors use the website

      2 years

      _gat

      Used by Google Analytics to throttle request rate

      1 day

      _gid

      Registers a unique ID that is used to generate statistical data on how visitors use website

      1 day

      Google

      Name Description Duration

      _test_cookie

      Helps to re-engage website visitors

      1 day

      Squarespace

      Name Description Duration

      crumb (necessary)

      Prevents cross-site request forgery (CSRF). CSRF is an attack vector that tricks a browser into taking unwanted action in an application when someone’s logged in

      Session

      test (necessary)

      Investigates if the browser supports cookies and prevents errors

      Session

      ss_cvisit (analytics)

      Identifies unique visitors and tracks a visitor’s sessions on a site

      30 minutes

      ss_cvt (analytics)

      Identifies unique visitors and tracks a visitor’s sessions on a site

      30 minutes

      Hotjars

      Name Description Duration

      _hjid (htttp)

      Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID

      365 days

      _hjid (html)

      Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behaviour in subsequent visits to the same site will be attributed to the same user ID

      Persistent

      _hjidcludedlnSample

      Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels

      365 days

      LinkedIn

      Name Description Duration

      bcookie

      Used by the social networking service, LinkedIn for tracking the use of embedded services

      2 years

      bscookie

      Used by the social networking service, LinkedIn for tracking the use of embedded services

      2 years

      Youtube

      Name Description Duration

      VISITOR_INFO1_LIVE*

      A cookie that YouTube sets that measures your bandwidth to determine whether you get the new player interface or the old

      179 days

      YSC

      This cookie is set by the YouTube video service on pages with embedded YouTube video

      Session

      yt-remote-cast-installed

      Stores the user's video player p references using embedded YouTube video

      Session

      yt-remote-connected-devices

      Stores the user's video player p references using embedded YouTube video

      Persistent

      yt-remote-device-id

      Stores the user's video player p references using embedded YouTube video

      Persistent

      yt-remote-fast-check-period

      Stores the user's video player p references using embedded YouTube video

      Session

      yt-remote-session-app

      Stores the user's video player p references using embedded YouTube video

      Session

      yt-remote-session-name

      Stores the user's video player p references using embedded YouTube video

      Session

      Lawful Basis: We rely on your consent as the lawful basis for deploying cookies. We use cookies to track and analyse visitor’s usage of our website which help enhance the functionality of the website and provide content tailored to preferred areas of interest.

      How to Delete and Block Our Cookies: You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site. Unless you have adjusted your browser setting so that it automatically refuses cookies, our system may issue cookies as soon as you visit our website.

      Can I Withdraw My Consent? Yes, this is totally in your control. Whenever you wish to withdraw your consent, just delete your cookies history using your internet browser settings. If you wish to avoid the deployment of cookies on your system, you can refuse to accept cookies in your browser. Check your browser manual to see how this works in detail.

      How to Turn Cookies Off: Internet browsers allow you to change your cookie settings. These settings are usually found in the ‘options’ or ‘preferences’ menu of your internet browser. In order to understand these settings, the following links may be helpful. Otherwise you should use the ‘Help’ option in your internet browser for more details.

      Cookie Control

      Apple Safari

      Google Chrome

      Microsoft Edge

      Microsoft Internet Explorer

      Mozilla Firefox

      Opera

      To Know More About Cookies:

      You can contact us directly for more detail regarding the use of cookies: Data Protection Compliance Manager BenevolentAI Ltd, 4-8 Maple Street, London, W1T 5HD Phone: +44 (0)2037 819 360 Email: Compliancehelpdesk@benevolent.ai

      Other Websites Our website may contain links to other websites from time to time. Note that this privacy policy only applies to this website (https://benevolent.ai/). Whenever you are redirected or linked to other websites, ensure you read and understand their privacy policies on their use of your personal data before consenting. we do not accept any responsibility or liability for external policies.

      HOW TO MAKE A COMPLAINT

      For concerns or questions about our privacy policy or how we process your data, contact our:

      London, UK Office New York, USA Office
      Data Protection Compliance Manager

      BenevolentAI Ltd

      4 - 8 Maple Street,

      London W1T 5HD, United Kingdom

      Phone: +44 (0)2037 819 360 (Monday – Friday)

      Email: Compliancehelpdesk@benevolent.ai

      Benevolent Technology, Inc.

      1 Dock 72 Way, 7th Floor,

      Brooklyn, NY 11205

      United States

      Phone: +1 (929) 295-6550 (Monday – Friday)

      Email: Compliancehelpdesk@benevolent.ai

      We do believe we can resolve any query or concern you may raise about our use of your Personal Information. The UK Data Protection Act 2018, the General Data Protection Regulation and the Privacy and Electronics Communications Regulation gives you the right to lodge a complaint with a supervisory authority, in particular within the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws may have occurred.

      The Information Commissioner (ICO) is the supervisory authority for UK and may be contacted at:

      Online: http://ico.org.uk/concerns/

      Telephone: 0303 123 1113.

      At BenevolentAI, we keep our privacy policy under regular review to continuously capture each emerging requirement. We will place any updates on this webpage.

      Last updated: August 2019