Employee Privacy Notice

Inizio Group Limited and each of its subsidiaries
(together, “Inizio” or the “Inizio Group”)

WELCOME TO INIZIO’s EMPLOYEE PRIVACY NOTICE.

Last updated: 3 June 2024

This notice provides information on the Inizio Group’s processing of personal data of its employees. If you are or have been an employee of an Inizio Group company, we may process personal data about you. This Privacy Notice applies only when the Inizio Group is collecting or otherwise processing personal data for Inizio Group’s purposes (i.e., when the Inizio Group (either alone or in common with other entities) is a Controller and therefore determines the purposes for which and the manner in which any personal data is processed). In addition to this Privacy Notice, some Inizio Group systems, applications, and processes may contain their own privacy notices, which provide additional details.

Inizio’s business is structured under five core divisions:

Advisory (which includes agencies such as Putnam, STEM, Vynamic, Research Partnership);
Medical (which includes agencies such as Ashfield, Apothecom, Nucleus Global, MEDiSTRAVA);
Marketing and Communications (“MarComms”) (represented by Evoke);
Engage (which includes agencies such as XD, Propensity4, Nuvera); and
Biotech

The Inizio Group company that you are or have been employed by (below referred to as “Inizio” “we,” “us,” or “our” is the Controller of the personal data that Inizio obtains from you and the other sources described below.

“Controller” means that it is Inizio that decides on the purpose and means for the processing of your personal data. Inizio is responsible for the processing of your personal data under applicable data privacy laws and regulations.

We respect your privacy and are committed to protecting your personal data. By ‘your personal data’ we mean any information about you, that you or third parties provide to us. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

Inizio encourages the periodic review of this Privacy Notice to stay aware of any changes to it. We reserve the right to amend this Privacy Notice as needed. When we do, we will note near the top of this Privacy Notice the date that any such changes are made and/or when they become effective.

Privacy Notice Sections

IMPORTANT INFORMATION AND WHO WE ARE
CONTACT DETAILS
THE DATA WE COLLECT ABOUT YOU
HOW IS YOUR PERSONAL DATA COLLECTED
HOW WE USE YOUR PERSONAL DATA
DISCLOSURES OF YOUR PERSONAL DATA
INTERNATIONAL TRANSFERS
DATA SECURITY
DATA RETENTION
YOUR LEGAL RIGHTS

1. IMPORTANT INFORMATION AND WHO WE ARE

Purpose of this privacy notice

This privacy notice informs you how we collect and process your personal data as part of your employment. This notice does not form part of any contract of employment or other contract to provide services. We may update this notice at any time.

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

2. CONTACT DETAILS

Our full details are:

Trading name: Inizio

Legal entity: Inizio Group Limited

Name or title of DPO: Group Data Protection Officer

Email address: [email protected]

Postal address: 8^th Floor, Holborn Gate, 26 Southampton Buildings, London, WC2A 1AN

Phone number: +44 (0) 20 3861 3999

You have the right to make a complaint at any time to the supervisory authority for data protection issues in the country in which you reside. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us at [email protected] in the first instance.

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us.

3. THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where your identity has been removed (anonymous data).

We may collect, store, and use the following categories of personal information about you. Please note that the below list is a list of examples only and not intended as an exhaustive list. Inizio will not necessarily process all the data listed below about you, and some of the purposes for processing will overlap and there may be several purposes which justify our use of your personal data.

Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
Date of birth;
Gender;
Marital status and dependants;
Next of kin and emergency contact information;
National Insurance number;
Bank account details;
Payroll records;
Tax status information;
Salary, annual leave, pension and benefits information;
Start date;
Location of employment or workplace;
Copy of driving licence;
Copy of passport;
Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
Employment records (including job titles, work history, working hours, training records and professional memberships);
Compensation history;
Performance information;
Disciplinary and grievance information;
CCTV footage and other information obtained through electronic means;
Information about your use of our information and communications systems; and
Photographs.

We may also collect, store and use the following “special categories” of more sensitive personal information:

Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
Trade union membership;
Information about your health, including any medical condition, health and sickness records; and
Information about criminal convictions and offences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

How we use particularly sensitive personal information

We will use your particularly sensitive personal information in the following ways. We will use information relating to leaves of absence, which may include sickness absence or family related leave, to comply with employment and other laws;

We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits;
We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting; and
We will use trade union membership information to pay trade union premiums, register the status of a protected employee and to comply with employment law obligations.

Information about criminal convictions

We will only collect information about criminal convictions if it is appropriate given the nature of the role and where we are legally able to do so. Where appropriate, we will collect information about criminal convictions as part of the recruitment process or we may be notified of such information directly by you in the course of you working for us. We have in place an appropriate policy document and safeguards that we are required by law to maintain when processing such data.

If you fail to provide personal data

Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that it is necessary for us to process certain personal data relating to you to administer your employment with us, such as the employment contract, the provision of IT tools and services, access rights to our premises and the payment of salary and benefits.

4. HOW IS YOUR PERSONAL DATA COLLECTED?

We will primarily obtain your personal data from yourself, e.g. during the application and on- boarding process, throughout the duration of employment, and, in some cases where permitted, upon separation. Your personal data may also be obtained via your manager or Human Resources, or other third party to whom you have directed us to obtain your personal data, e.g. when we contact references that were provided to us by you. Some personal data might also be automatically generated from Inizio’s IT-system, or equivalent, for example when creating your user-id to Inizio systems.

5. HOW WE USE YOUR PERSONAL DATA

We need the categories of information in the list above (section 3) primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below. Some of these situations are only applicable to employees:

Making a decision about your recruitment or appointment;
Determining the terms on which you work for us;
Checking you are legally entitled to work in a particular country;
Paying you;
Deducting tax and National Insurance contributions;
Providing the following benefits to you such as: private medical insurance, life insurance, pension, company car and any other contractual or discretionary benefits related to your employment;
Liaising with your pension provider and providers of other benefits;
Administering the contract we have entered into with you;
Business management and planning, including accounting and auditing;
Conducting performance reviews, managing performance and determining performance requirements;
Making decisions about salary reviews and compensation;
Assessing qualifications for a particular job or task, including decisions about promotions;
Gathering evidence for possible grievance or disciplinary hearings;
Making decisions about your continued employment or engagement;
Making arrangements for the termination of our working relationship;
Education, training and development requirements;
Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work;
Ascertaining your fitness to work;
Managing sickness absence;
Complying with health and safety obligations;
To prevent fraud;
To monitor your use of our information and communication systems to ensure compliance with our IT policies;
To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution;
To conduct data analytics studies to review and better understand employee retention and attrition rates; and
Equal opportunities monitoring.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Do we need your consent?

We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations or exercise specific rights in the field of employment law. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. DISCLOSURES OF YOUR PERSONAL DATA

Inizio is a global group of companies with offices and operations throughout the world, and your personal data may be transferred or be accessible internationally throughout the Inizio Group’s global business and between its various entities and affiliates. Any transfers of your personal data to other Inizio Group companies (including transfers from within the EU/EEA to outside the EU/EEA) will be governed by an intercompany agreement based on EU approved Standard Contractual Clauses or such other mechanisms as have been recognized or approved by the relevant authorities from time to time. Such agreement reflects the standards contained in European data privacy laws (including the EU General Data Protection Regulation). Having this agreement in place means that all Inizio Group entities have to comply with the same internal rules. It also means that your rights stay the same no matter where your data are processed by Inizio Group.

We may also share your information with selected third parties including:

Business partners, clients, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
Emergency service providers, such as the police, fire brigade, ambulance, and roadside assistance in connection with emergency assistance.
Law enforcement, regulatory authorities, and other public and judicial bodies in connection with legal obligations such as court orders or legal reporting requirements or if considered necessary in exceptional cases to protect the vital interest of you or others.
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to enforce any contract or agreement between us; or to protect the rights, property, or safety of Inizio, our staff, customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. INTERNATIONAL TRANSFERS

Whenever we do transfer your personal data to another jurisdiction, we will take appropriate steps to protect such, which includes the following:

Entering into an agreement with the third party which includes clauses that offer adequate protection for your information and these will offer no less protection than are provided by those determined by the EU commission, a template copy of which is available at: https://commission.europa.eu/law/law-topic/data-protection_en; or
Otherwise ensuring that information would only be transferred to third parties in jurisdictions that have at least the same data privacy protection for personal data as the jurisdiction from which the personal data originates from. For example, in the case that the personal data originates from the EEA or UK and is transferred to a third country that has been deemed to offer adequate protection by the EU Commission or UK ICO for the processing of your personal data.

8. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9. DATA RETENTION

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, tax, reporting requirements or as is consented to by yourself.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. Once you are no longer an employee of the company we will retain and securely destroy your personal information in accordance with our record retention policy and applicable laws and regulations.

10. YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data, which include the following:

Request access to your information by submitting a request to the DPO at Inizio;
Update or amend your information if it is inaccurate or incomplete;
Object to certain uses of your personal data, including direct marketing and processing based on legitimate interests and processing for purposes of scientific or historical research and statistics on grounds relating to your particular situation;
Request the deletion of your information, or restrict its use, in certain circumstances (for example, subject to lawful exceptions applying, you can request that we erase your information where the information is no longer necessary for the purpose for which it was collected);
To withdraw any consents you have provided in respect of our use of your information;
To request a copy of the information you have provided to us, to use for your own purposes (often called your right to data portability); and
To lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

If you have any questions about these rights, or you would like to exercise any of them, please contact us by submitting a request to [email protected].

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.