Privacy Notice

This Privacy Notice applies to the processing of personal data by F2G.

F2G Ltd as the Controller, hereinafter as “F2G”, “we” or “us”, of the personal data, is committed to complying with:

The General Data Protection Regulation N°EU 2016/679 (hereinafter, the “GDPR”);
The General Data Protection Regulation as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (hereinafter the “UK GDPR”) and the UK Data Protection Act 2018 (amended 2020) (hereinafter the “Data Protection Act”);
And all EU applicable laws and regulations regarding data protection.

Collectively referred as “Data Protection Laws”.

With this Privacy Notice, F2G wants to make sure that you understand what personal information is collected about you, how your personal information is used and how it is kept safe by F2G. You may have been provided more specific privacy notices in the conduct of some of our activities, if this is the case, please refer to the notice directly provided to you, in particular if you are a participant in a clinical trial.

1. Why, how and for how long do we collect your personal data?

Depending on the purpose for which we process your personal data, we need to process one or more types of personal data. Personal data can be considered to be normal personal data, or sensitive personal data, both of which are protected by F2G, with sensitive personal data subject to further technical and organisational measures designed to protect your rights.

We will keep the personal data for no longer than necessary to fulfil the purposes for which it was collected, including any legal requirements for the retention of records. The personal data that we process comes from several sources, the below table outlines some, but not all of our common processing activities and details the purpose of processing, the type of personal data, the legal basis upon which we rely, and the minimum retention period for which each type of personal data will be retained.

Depending on each case, the processing will therefore be as follows:

Purposes	Types of personal data	Legal basis	Retention period
Clinical Trial Candidate Data	Health Data Clinical Data This data is pseudonymised, and F2G will never be able to identify you as an individual	This processing is based on our legitimate interest (Article 6 of the GDPR) in conducting a clinical trial with a suitable cohort of participants. We also rely upon the legal basis of processing in interests of public health under Article 9 of the GDPR for sensitive personal data.	We will process your data for the time necessary for the enrolment procedures of the trial.
Clinical Trial Participant Data	Health Data Clinical Data This data is pseudonymised, and F2G will never be able to identify you as an individual	This differs depending on the country in which you are based, where national laws dictate the legal basis. These legal bases are outlined in the Patient Information Sheet and Informed Consent Form which all Trial participants will have received. For trials which have been granted an ICF waiver, F2G relies upon its Legitimate Interests (Art 6 GDPR) and Public Interest in the area of public health (Art 9 GDPR).	We will process your data for the minimum time required under the regulations for clinical trials, typically for at least 25 years.
Employment Candidates	Contact Details, such as your full name, email, telephone and address. Professional Details such as your employment history, title, CV, professional and academic qualifications, scientific activities (such as prior publications or clinical trial experience), and membership in associations and boards.	This processing is based on our legitimate interest for the purpose of our recruitment process in order to administer and appraise job applications. We understand that the processing of these data is also beneficial to you to the extent that it enables you to get a job by providing a spontaneous application or answering to an offer.	We will process your data for the time appropriate for managing your application to join F2G.
To organise your participation in one of our events	Contact details such as full name, email address.	This processing is based on our legitimate interests.	We will process your data related to participation in any events, seminars or presentations that we host.
For statistical purposes	Aggregate statistical data (e.g., Company page on X, LinkedIn, YouTube).	We consider that we have legitimate interest to understand the way our page is consulted (e.g., how many times our page is consulted, from which country).	Statistical information is stored by X, LinkedIn, and YouTube and consequently, subject to their retention policy. We may export statistical reports, but this information is provided in a de-identified form.
Use of cookies for the functioning and managing of our website	Cookies may store in certain circumstances personal data which may include; IP addresses, browser type, location, operating system.	Please, see our Cookies Notice for more information.	Please, see our Cookies Notice

When relying upon the legal basis, Legitimate Interests, F2G conducts legitimate interest assessments to ensure that your data is protected and that your privacy rights as an individual are protected. For the processing of any sensitive personal data, F2G conducts a Data Protection Impact Assessment to ensure that every aspect of the data collection, data processing and data transfers are accounted for and sufficiently designed with your data protection rights in mind.

2. Data sharing

We do not sell or trade to outside parties your personal data.

Nevertheless, F2G has contracted with service providers to manage certain activities, this means that these processors may have access to your personal data, should you wish to know which processors have received your personal data, please contact our Data Protection Officer (hereinafter DPO) to submit as subject access request, and we will provide the requested information within 30 days.

Sharing your personal data as explained above may involve a transfer of personal data to a country outside the European Economic Area (EEA), and/or the UK. F2G is therefore committed to complying with the transfer rules under applicable Data Protection Laws and therefore will:

Ensure data recipients are located in a country deemed as adequate by the European Commission, and by the UK secretary of state; or
Where a country has not received an adequacy decision from the European Commission, or the UK secretary of state, F2G will implement appropriate safeguards, such as the EU Standard Contractual Clauses (“SCCs”) (and the UK addendum), and/or the International Data Transfer Agreement (“IDTA”).

You can contact our DPO, (see contact details below), if you want to have more details about the mechanism supporting the data transfer of your personal data.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government/administrative authority.

3. How do we protect your information?

F2G treats your personal data in a confidential manner and provides for a sufficient and adequate level of protection of your personal data.

Your personal data are contained behind secured networks and are only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.

These appropriate technical and organisational security measures are designed to protect your personal data in compliance with all applicable data protection and privacy laws, which includes protection against accidental or unlawful destruction, loss, alteration, unauthorised access to, or disclosure of your personal data.

When F2G contracts a processor, that processor is carefully selected and required to use appropriate measures in accordance with the standards established by the GDPR to protect the confidentiality and security of your personal data. That processor will only be permitted to process your data on the written instruction of F2G for the purpose specified by F2G.

4. Your rights

According to the GDPR, and/or UK GDPR, you have the following rights subject to limitation as set forth by applicable data protection law:

Access. You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, information related to the processing of data and a copy of the data being processed.
Rectification. You have the right to require rectification of inaccurate or incomplete data about you.
Right to be forgotten. To obtain the deletion of your personal data under certain specified circumstances.
Restrict processing. You have the right to restrict processing of data under certain specified circumstances.
Data portability. You have the right to request for the receipt or the transfer to another organisation, in a machine-readable form, of your personal data.
Object to processing. You have the right to object, on grounds relating to your particular situation, at any time to the processing of your data.
Right to withdraw consent. When you have given your explicit consent for the processing of your data, you can withdraw it at any time without any cost nor justification.

Please note that all these rights are not absolute and will be assessed on a case-by-case basis by our DPO.

If you would like to exercise your rights, please let us know by contacting our DPO, F2G.DPO@MyData-Trust.info. If you are a participant in a clinical trial, please do not contact the DPO directly using this email but instead refer your query, either to the Principal Investigator of the trial you are a participant in or use the trial specific DPO email address that has been provided to you on the Patient Information Sheet/Informed Consent From. This is due to the nature of the clinical trials, all the data received by F2G will have been pseudonymised, and F2G will not be able to identify you, and to do so would potentially risk the conduct of the trial.

You have the right to lodge a complaint if you consider that your personal data is not processed in accordance with the GDPR, and/or the UK GDPR.

If you are an EEA resident: You have the right to lodge a complaint with the Supervisory Authority in the Member State of the European Union of your habitual residence, place of work or place of the alleged infringement.

If you are a UK resident: you may file a complaint with the Information Commissioner’s Office (“ICO”), the Supervisory Authority of UK, following the instruction available in the service channels.

Please find the contact information of all Authorities in section 6 “Contacts”.

5. Privacy Notice

This Notice is effective as of the date stated at the top of this page. We may change this Notice from time to time. Please refer to this Notice on a regular basis.

Website and use of social media

Access to the Website implies the User’s full and unreserved acceptance of this Privacy Notice (hereinafter the “Notice”), as well as its general terms of use and the Cookies Notice. The User acknowledges having read the information below.

The Notice is valid for all pages hosted on the Website. It is not valid for the pages hosted by third parties to which F2G may refer and whose privacy notices may differ. F2G cannot therefore be held responsible for any data processed on these websites or by them. This Notice also applies to any other website that F2G may operate, including our Company pages on LinkedIn, YouTube, X (formerly Twitter).

Please, note that for the use of social media, F2G will be Joint-Controller only for the following activities: accessing and processing statistical aggregate data provided by on LinkedIn, YouTube, X . For any other processing on the platform, social media platform shall be considered as the sole Data Controller.

Facebook, including Instagram, and LinkedIn have created an “addendum” to their user agreements for company pages for the processing for which they are Joint-Controllers with us. Such agreement is not currently provided by X, or YouTube.

6. Contacts

F2G Ltd, acting as Controller
Lankro Way,
Eccles, Manchester,
England,
M30 0LX

Data Protection Officer
MyData Trust
F2G.DPO@MyData-Trust.info
+44 (0)5603 750073

EU Data Protection Authorities
https://edpb.europa.eu/about-edpb/about-edpb/members_en

UK Supervisory Authority (“ICO”)
Tel: +55 (0)3 03 12 31 11 3
Website: https://ico.org.uk/global/privacy-notice/your-right-to-complain/

General Data Protection Regulation
https://eur-lex.europa.eu/eli/reg/2016/679/oj

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	The website's WordPress theme uses this cookie. It allows the website owner to implement or change the website's content in real-time.
PHPSESSID	session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_pk_id.*	1 year 27 days	Matamo set this cookie to store a unique user ID.
_pk_ses.*	30 minutes	Matomo set this cookie to store a unique session ID for gathering information on how the users use the website.