Privacy notice

BenevolentAI Group is committed to conducting its businesses in accordance with all applicable Data Protection laws and regulations in line with the highest standards of ethical conduct. This privacy policy (this “Policy”) sets forth the expected behaviours of BenevolentAI Group practices in relation to the collection, use, retention, transfer, disclosure, and destruction of Personal Data belonging to all BenevolentAI Group contacts (i.e. the “Data Subjects”).

BenevolentAI Group strives to ensure continued and effective implementation of this Policy and expects all stakeholders to share this commitment. This Policy (together with our “Terms” of use and any other document referred to on it) sets out the basis on which any personal data (as defined in Regulation (EU) 2016/679 (the “GDPR”)) that we hold (the “Personal Data”) are processed.

Please read the following carefully to understand our views and practices regarding your Personal Data and how it’s processed. If you have any concerns or need further information, our Data Protection Officer (“DPO”) can be contacted directly with the details below:

DPO, BenevolentAI Limited
4-8 Maple Street, London, W1T 5HD 
United Kingdom
Phone: +44 (0)2037 819 360
Email: DPO@benevolent.ai
 

We may collect and process some or all of the following types of Personal Data:

PURPOSE FOR PROCESSING

This section provides more detail on the types of personal information we collect from you, and why.

We source data from providers from time to time which may be combined with information you give to us and information we collect about you. We may use this information and the combined data for the purposes set out in this Policy (depending on the types of data we have received).

Pseudonymised Datasets
We collect pseudonymised datasets from data suppliers, CROs, partners and collaborators for internal research purposes.

Clinical Trial Data

• We work with vetted CROs and test centres/sites from time to time who provide participant’s pseudonymised data for use in our clinical trials and internal research.
• From time to time, these processing may involve special categories of personal health data. BenevolentAI Group relies on the exception under Articles 9(2)(i) and 9(2)(j); and Article 89(1) of the GDPR (Legitimate Interests, Scientific or Historical Research Purposes) and Schedule(1), Part (1) sections 10 and 19 of the Data Protection Act 2018 (“DPA 2018”) as our lawful basis for processing.

When you subscribe to BenevolentAI Group’s newsletter, we will ask for your:

• names;
• email address; and
• any other content preferences that can help tailor our messages to your interests.

Our use and storage of your data is based on your consent. This means you will receive tailored communication and updates regarding our upcoming events, products, services, or opportunities from time to time. You can withdraw your consent or change your preference at any time, by following the ‘Unsubscribe’ link on any of our emails or by contacting us at hello@benevolent.ai.

Event attendees: When you register to attend one of our events (including via any of our third-party providers), we will ask for your:

• names;
• email address; and
• any other relevant information as determined on an event-by-event basis; such as job title or work-related email address.

We will collect this information when you enrol to attend an event. Our use and storage of these data is based on your consent. We use the data solely for the purposes of administering the event and send you tailored communication and updates regarding our upcoming events, products, services, or opportunities from time to time. We may be required to share such data with third-party organisations where necessary to administer the event effectively.

We often take photographs at our events and those photos may be used on our website, social media, newsletters, or other internal or external communications. Please contact us if you have any questions or concerns regarding the use of such photographs at any time. If you are a speaker at one of our events, we may promote your participation via platforms such as Twitter, LinkedIn, and by marketing emails. External platforms may continue to store and use personal information after the event has ended.

When you unsubscribe, your personal data will be automatically removed from the newsletter distribution system. We use Hubspot to provide this service and they process your personal data on our behalf. You can read the Hubspot privacy notice here. Hubspot operates in the United States (“US”), so your information is transferred to, stored, and processed in the US. Hubspot is deemed to have implemented adequate technical and organisational measures in place to ensure the security of your personal data in compliance with the UK GDPR, DPA 2018, and the EU GDPR as outlined in their DPA here. Hubspot is also compliant with the EU-US Data Privacy Framework (EU-US DPF). You can view their certification here.

We rely on Contractual Performance, Public Interest, Consent, Legitimate Interest, and Legal Obligation (each as defined in the GDPR) as the lawful basis on which we collect and use your Personal Data. We use your Personal Data to provide you with information about our products, and services and to improve those products and services. We will also use your Personal Data to notify you about changes and events and to ensure that content on our website is presented in the most effective manner for you and your computer.

All the Personal Data we collect from you are used for administrative (HR) and drug discovery purposes. If there is a need to disclose your Personal Data to other third parties, for new purposes outside the original scope or for purposes materially different from that for which they were originally collected, we will ensure that your rights and freedom are not undermined. Where applicable, we will give you the opportunity to decide if your Personal Data should be processed in such a manner. However, note that in certain circumstances, we might be required to disclose your data in response to lawful requests by public authorities, to meet national security, law enforcement, or investigations and we will oblige accordingly.

BenevolentAI Group and its affiliated/trusted third-party suppliers may store your Personal Data within and outside the UK and the EEA. Data protection and privacy laws in the countries to which your Personal Data are transferred may be deemed inadequate under the GDPR. In all cases, BenevolentAI Group takes all reasonably necessary steps to ensure your Personal Data remains protected and secure in compliance with applicable data protection and privacy laws. These measures include data transfer agreements, implementing standard contractual clauses, or International Data Transfer Agreements (“IDTAs”).

We take appropriate technical, organisational, and administrative measures to ensure all Personal Data is kept secure including security measures to prevent Personal Data from being accidentally collected, recorded, organised, structured, stored, altered, retrieved, consulted, used, disclosed by transmission, disseminated or otherwise made available, aligned or combined, restricted, erased or destroyed in an unauthorised manner. We limit access to your Personal Data to those who have genuine business needs and are duly trained for such processing. Those processing your information will do so only in an authorised manner that ensures confidentiality and accountability. We also have procedures in place to deal with any suspected data security breach. We will notify you and all applicable regulators of a suspected data security breach where we are legally required to do so within 72 hours.

Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted through any online means outside the scope of this Policy. Any such transmission remains at your own risk as the transmission of information via the internet is not completely secure.

We will retain your Personal Data as follows:

• your account data for as long as you keep your account open or as needed to provide you with our products or services;
• if you contact us, we will keep your data for 24 months; 
• your technical usage information for 24 months, and
• data on your use of our Website and our products or services is retained for 24 months.

We will also retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes and enforce our terms and conditions, other applicable terms of service, and our policies. If you stop using our products or services, we will store your information in an aggregated and anonymised format; we may use this information indefinitely without further notice to you.

For further information, contact our DPO at: DPO@benevolent.ai

Rights relating to the processing of your Personal Data

The law provides you with specific rights relating to your Personal Data that we hold and processes at any given time. These rights include:

• Right to Access (Subject Access Request) – You have the right to access Personal Data we hold about you, how we use it, and who we share it with.
• Right to be Informed (Privacy Notices)
• Right to Object to Processing – You have the right to object to our processing of your Personal Data.
• Right to Rectification – You have the right to correct any of your Personal Data we hold that is inaccurate.
• Right to Erasure (Right to be Forgotten) – In certain circumstances, you have the right to delete the Personal Data we hold about you.
• Right to Restrict Processing – You have the right to require us to stop processing the Personal Data we hold about you, other than for storage purposes, in certain circumstances.
• Right to Data Portability – You have the right to receive a copy of the Personal Data we hold about you and to request that we transfer it to a third party, in certain circumstances, and with certain exceptions.

Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests, or where we are required by law to retain your Personal Data. You have the right to object to marketing at any time by clicking the ‘Unsubscribe’ link on any of our emails or contacting us at hello@benevolent.ai.

Data Subject Access Request

You can request access to the Personal Data we hold about you using the contact details set out below. Requests should include:

• Your full name, address, and a clear description of the information that you seek.
• Two proofs of identification:
  • one photographic ID (a copy of your passport or driving license); and 
  • one proof of address (a recent bill or financial statement showing your current address that we have on record).

Data Subject Access Requests should be addressed to:
The DPO, BenevolentAI Limited
4-8 Maple Street, London, W1T 5HD 
United Kingdom
Phone: +44 (0)2037 819 360
Email: DPO@benevolent.ai

We are obliged by the governing regulations to respond promptly to your request and in any event within one calendar month of receipt. Exceptions may apply for an extended period of two months if the request proves particularly complex in nature, in which case you will be duly informed.

Should we need additional information to identify, validate and/or locate the requested information, we will contact you and wait for your response before processing your request.

Read our full cookie policy here

Our website may contain links to other websites from time to time. Note that this Policy only applies to this website (https://benevolent.com/). Whenever you are redirected or linked to other websites, ensure you read and understand their privacy policies on their use of your Personal Data before consenting. We do not accept any responsibility or liability for external policies. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of this website and/or users of those third-party online platforms without limitation as to its use by a third party or by us. Our inclusion of such links does not imply any endorsement of the content on such platforms or of their owners or operators except as disclosed on our website. We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of Personal Data by third parties. Any information submitted by you directly to these third parties is subject to that third party’s privacy policy.

For concerns or questions about our privacy policy or how we process your data, contact our:

Luxembourg Office:
DPO,
BenevolentAI
9, rue de Bitbourg,
L-1273 Luxembourg,
Grand Duchy of Luxembourg
Phone: +44 (0)2037 819 360
(Monday – Friday)
Email: DPO@benevolent.ai

London, UK Office:
DPO,
BenevolentAI Limited
4 - 8 Maple Street,
London W1T 5HD, United Kingdom
Phone: +44 (0)2037 819 360 
(Monday – Friday)
Email: DPO@benevolent.ai
 

We believe that we can resolve any query or concern you may raise about our use of your Personal Data. The DPA 2018, the GDPR, the UK GDPR, and the PECR give you the right to lodge a complaint with a supervisory authority, in particular within the EU (or EEA) state where you work, normally live, or where any alleged infringement of data protection laws may have occurred.

The ICO is the supervisory authority for the UK and may be contacted:

Online: http://ico.org.uk/concerns/ 

Telephone: 0303 123 1113.

BenevolentAI Group keeps this Policy under regular review to continuously capture each emerging requirement. We will place any updates on this webpage.

Last updated: August 2024