This privacy notice provides information regarding how Theradex Oncology processes the personal information collected or received both from visitors to our website www.theradex.com and from our customers and suppliers in the course of our business.
Theradex Oncology act as a Data Controller of the personal data collected and processed regarding customers, suppliers and website users and is registered with the UK Information Commissioner’s Office (Registration ZA096307).
We will comply with data protection law and principles, which means that your data will be:
Used lawfully, fairly and in a transparent way
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
Relevant to the purposes we have told you about and limited only to those purposes
Accurate and kept up to date
Kept only as long as necessary for the purposes we have told you about
We process all personal data in compliance with all applicable data privacy, data protection, and cybersecurity laws, rules and regulations, including, but not limited to, the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules, 45 C.F.R. Parts 160-164, any other U.S. state or federal laws or regulations governing the privacy or security of personal data, and the EU General Data Protection Regulation 2016/679 (“GDPR”) including the applicable implementing legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR, as well as any guidance or statutory codes of practice issued by the relevant Privacy Authority, and the UK Data Protection Act 2018, the UK GDPR, the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, and any successor legislation in each case as amended from time to time, the Swiss Federal Act on Data Protection of 19 June 1992, as amended from time to time, and any successor legislation, the Canadian Personal Information Protection and Electronic Documents Act (S.C. 2000, c.) (“PIPEDA”), and any other privacy law that is applicable to Services.
Your personal data will be processed in accordance with the required data protection principles below.
When someone visits www.theradex.com we may collect standard internet log information and details of visitor behaviour patterns, which allows us to see how users interact with the website and to enable us to improve it, where necessary.
Website information is collected in a way that does not identify users and we do not make any attempts to find out the identities of those visiting. We do not associate any data gathered from this source with any personally identifying information from any other source.
Theradex Oncology collects and processes a range of professional personal information, which includes:
Name, title and contact details (company, address, email and telephone numbers)
Personal information of directors, officers and shareholders for screening purposes to ensure that Theradex Oncology comply with legal and regulatory obligations, including trade control, anti-money laundering, anti-bribery and corruption laws and other regulatory requirements, as appropriate.
Personal information is stored in a range of locations, including our project, supplier management and finance systems and databases, internal files and drives, plus our email system. This information is strictly controlled, and access is only authorised to personnel who require it to fulfil tasks in accordance with their roles and responsibilities.
Please be assured that Theradex Oncology will never buy, sell or trade personal data to any third parties.
We will use the personal information we collect about you for the following purposes:
Undertaking business development, growth and other operational activities
Responding to queries and requests
Concluding, performing and managing new and existing contracts
Health and safety
Legal and regulatory obligations
Under the GDPR and other global data protection laws the use of personal information must be justified. Such justification is often called a “legal basis” and Theradex Oncology apply the following legal bases when processing personal information:
To fulfil the performance of a contract
Where we have a legal obligation
To achieve our legitimate interests, provided that this does not affect your rights as a data subject
Where necessary to defend, prosecute or make a legal claim
Where you have been asked to provide your consent
Theradex Oncology have implemented a number of operational controls and internal policies to ensure that personal information is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Theradex Oncology is a brand of Theradex Systems, Inc., a US organisation that has operations in the UK, EU and other locations around the world. We ensure that we comply with the appropriate regional data protection and privacy legislation and regulations, including (but not limited to) the UK and EU General Data Protection Regulation (GDPR).
For sharing information outside of the UK and EU, both internally with our US parent company and externally with approved customers and suppliers, we have implemented appropriate legal safeguards, such as the European Commission approved standard contractual clauses and data sharing agreements, which ensure an adequate level of data protection wherever your information is physically processed.
Where we engage with third parties to process personal information on our behalf, we do so based on written instructions, contractual agreements and robust due diligence, ensuring that the third party has appropriate technical and organisational measures in place to secure and protect the information.
Your information will be shared internally within Theradex Oncology if access is necessary for the performance of tasks and roles. It may be necessary to share your information with competent public authorities, government, regulatory or fiscal agencies to comply with a legal or regulatory obligation to which Theradex Oncology is subject. In all circumstances, your information is subject to strict confidentiality arrangements.
Theradex Oncology will retain the personal information of suppliers and customers for the duration of the contract and for a period thereafter. The period after contract conclusion may be due to a legal obligation or to serve our legitimate interests for business development and growth. After the retention period, we will securely destroy your personal information in accordance with applicable laws and regulations.
As a data subject, you have a number of rights available to you, as follows:
To access and obtain a copy of personal information processed by Theradex
To change incorrect or incomplete personal information
To delete or stop processing personal information, in certain circumstances
To object to the processing of your personal data, in certain circumstances
To complain if you are unhappy with how your information has been processed
If you wish to exercise any of these rights or if you have any queries regarding how Theradex Oncology process your personal information, please contact PrivacyDesk@theradex.com.
If you are not satisfied with the way that your information has been processed, or how we have responded to your queries or requests, you have the right to contact the UK Information Commissioner’s Office (the ICO) via www.ico.org.uk.
Theradex Oncology (Theradex Systems Inc.) has chosen to remain certified with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.
In the wake of the Schrems II decision, which invalidated the EU-US Privacy Shield as a mechanism for transferring EU resident personal data to certified US entities participating in the program, Theradex Oncology has decided to recertify to ensure consistency across organizational processes and in anticipation of new decisions from the EU courts and EU Commission. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/