APPLICANT PRIVACY NOTICE

This privacy notice applies if you are applying for employment with Aimmune Therapeutics UK Ltd.

In this notice, “we”, “us” and “our” means Aimmune Therapeutics UK Ltd, being the entity proposing to employ you on the date that you receive this document.

We are registered in the UK and our registered address is at Carrick House, Lypiatt Road, Cheltenham, Gloucestershire, GL50 2QJ, England and our company registration number is 09559128..

About this privacy notice

For the purposes of data protection law, we are a data controller in respect of your personal data. We are responsible for ensuring that we use your personal data in compliance with data protection law.

This privacy notice applies if you are a prospective employee of our organisation. This notice explains what personal data we will collect and how we will use it. Please take the time to read and understand this privacy notice.

Personal data that we may collect about you

We will collect and process (e.g. obtain, record, use, share or hold etc.) the following personal data about you:

  • Information that you provide to us. This includes information that you give us by submitting any applications, filling in forms or by communication with us, whether face-to-face, by phone, e-mail or otherwise during the application process. This information may include:
    • personal details such as your full name, email address, contact details, employment history and details of your education, qualifications, skills and experience (both academic and professional);
    • details of your current remuneration and benefit entitlements;
    • details of your health and/or any disabilities for which we need to make reasonable adjustments during the recruitment process;
    • information about your entitlement to work in the UK, including your nationality; and
    • any other details you provide in support of your application, including information contained in your CV and/or covering email and your reasons for applying to us.
  • Information we collect or generate about you. This includes:
    • personal data that we collect through your communication and correspondence with us (including the content, date and time of your email correspondence); and
    • information obtained through any, interviews and assessments with you.
  • Information we obtain from other sources. This includes personal data that we collect from screening, background, criminal record and/or reference checks we may perform on you as part of the application or recruitment process in order to verify the information that you provide to us, which may include your address history, your credit history, your qualifications (both academic and professional), your previously held directorships (if any) and your criminal record.

Uses of your personal data

Your personal data may be stored and processed by us in the following ways and for the following purposes:

  • to consider your application (including, in some cases, verifying your qualifications and references with those third parties you name);
  • to make reasonable adjustments in the recruitment process for disability;
  • to maintain consistent practices and procedures with respect to recruitment, including the performance of human resources and other functions;
  • to meet our legal and regulatory obligations;
  • to process your personal information for the purposes of equal opportunities monitoring; and
  • to maintain contact with you in the future and notify you of relevant job vacancies that you might be interested in. Please note that if you do not want us to retain your information, or want us to update it at any stage, please contact us in accordance with the “Contacting us” section.

We are entitled to use your personal data in these ways because:

  • we need to in order to take steps in preparation for entering into a contract with you, in particular to consider you for a position with us;
  • we have legal and regulatory obligations that we have to discharge, including in our capacity as your prospective employer;
  • we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; and/or
  • the use of your personal data as described is necessary for our legitimate business interests, such as:
    • allowing us to effectively assess your skills, qualifications and/or the strength and merits of your application and your suitability for the role applied for;
    • allowing us to effectively verify your information;
    • allowing us to effectively and efficiently administer and manage the operation of our business;
    • ensuring a consistent approach to the recruitment; or
    • being able to contact you in relation to your application and the recruitment process.

Provision of personal data is generally voluntary but in certain circumstances, not providing the requested data may affect our ability to meet the above purposes and may impact on our ability to process your application.

Please note, if your application is successful and you are subsequently offered and accept employment with us, the information we collect during the application and recruitment process will become part of your employment record.

Disclosure of your information to third parties

We may disclose your personal data to other members of our group for the purposes of:

  • the management and administration of our business, including the maintenance of the centralised databases storing personal data;
  • enabling the performance of the functions that each of the businesses may perform relating to regional or global HR decisions; or
  • assessing compliance with applicable laws, rules and regulations, and internal policies and procedures across our business and our affiliates’ businesses.

Where personal data is disclosed to other members of our group, we will take steps to ensure that the personal data is accessed only by those that need to do so for the purposes described in this notice.

In addition to the above we may share your personal data with third parties outside of our group:

  • to third party agents or contractors, bound by obligations of confidentiality, in connection with the processing of your personal data for the purposes described in this notice. This may include outsourced HR service providers and consultants, IT and communications service providers, law firms, accountants and auditors; and
  • to the extent required by law, regulation or court order, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights.

Transfers of personal data outside the European Economic Area (“EEA”)

Your personal data may be transferred to and stored a destination outside the European Economic Area (“EEA”).  It may also be processed by individuals operating outside of the EEA who work for one of our group companies and/or our third parties suppliers.  In particular, it may be transferred to and processed by Aimmune Therapeutics, Inc. in the United States (and in any other country in which members of our group may have offices in the future).

  • Where your personal data is transferred to Aimmune Therapeutics, Inc. in the US, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA because Aimmune Therapeutics, Inc. is a certified member of the EU-US Privacy Shield scheme.
  • Where your personal data is transferred to any other recipient outside of the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA in other ways, for instance:
  • the country that we send the data to might be approved by the European Commission as offering a sufficient level of protection; or
  • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data,
  • In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with applicable data protection law.

You can obtain more details about the protection given to your personal data when it is transferred outside the EEA by contacting us in accordance with the “Contacting us” section or at Privacy Shield

Retention of personal data

How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

  • the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; and
  • legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data.

In some instances, we may retain your information to consider you for other roles and future opportunities which may be of interest to you. If you do not want us to retain your information, or want us to update it at any stage, please contact us in accordance with the “Contacting us” section.

Your rights

You have a number of legal rights in relation to the personal data that we hold about you  These rights include:

  • the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you;
  • the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so;
  • in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us (and not, for the avoidance of doubt, information we, or other members of the Aimmune group, otherwise collect about you or information we obtain about you from other sources);
  • the right to request that we rectify your personal data if it is inaccurate or incomplete;
  • the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it;
  • the right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal data but we are legally entitled to refuse that request;
  • the right to object to our processing of your personal data in certain circumstances. Please note that there may be circumstances where you object to our processing of your personal data but we are legally entitled to continue to process it; and
  • the right to lodge a complaint with the UK data protection regulator, the Information Commissioner’s Office (https://ico.org.uk/), if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details set out in the “Contacting Us” section below.

Contacting us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed in this notice, please contact us using the following contact information:

Address: Christie Coutin, HR Business Partner – Europe

Email Address: ccoutin@aimmune.com

You can find out more information about your rights by contacting the data protection regulator in the UK, the Information Commissioner’s Officer, or by searching their website at https://ico.org.uk/.