Effective on: [October 13, 2023]
Suzhou Transcenta Therapeutics Co., Ltd (“Transcenta”, “we”, “us”, “our”) takes the protection of personally identifiable information (“Personal Data”) very seriously.
This Privacy Notice (the “Notice”) only addresses data subjects who are located in the European Economic Area (EEA) (which includes the Member States of the European Union (EU) plus Norway, Iceland, and Liechtenstein), the United Kingdom (UK), and the People's Republic of China (“China”), whose Personal Data we may receive directly through our website: https://www.transcenta.com/.
Please read this Notice carefully to learn what we are doing with your Personal Data, how we protect it, and what privacy rights you may have under applicable data protection and privacy laws, such as the European Union General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), and the Chinese Protection of Personal Information Law of 2021 (PIPL).
Human Resources Personal Data
This Notice does not apply to Personal Data collected by any other means or in other contexts, such as the Personal Data of Transcenta’s employees, job applicants, contractors, business owners, officers, directors, or staff of Transcenta. This means, for example, that this Notice does not describe our processing of your Personal Data nor your data protection rights when you apply to one of our job openings on our website.
Information Which Does Not Constitute Personal Data
If we maintain information in a manner that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, with a particular individual or household, such information is not considered Personal Data and this Notice will not apply to our processing of that information.
Within the scope of this Notice, Transcenta acts as a data controller under the GDPR and the UK GDPR for the Personal Data we process or handle. The concept of a “data controller” under the GDPR and UK GDPR is the equivalent of the concept of a “personal information handler” or “personal information processor” under the PIPL and therefore, for the purposes of this Notice, the term “data controller” can be understood to mean a “personal information handler” or “personal information processor.”
We may process your Personal Data on the basis of:
● your consent;
● the need to perform a contract with you;
● our legitimate interests, such as our interest in operating and maintaining our website effectively;
● the need to comply with the law; or
● any other ground, as required or permitted by law.
When we rely on legitimate interests as a lawful basis of processing, you have the right to ask us more about how we decided to choose this legal basis. To do so, please use the contact details provided below.
Where we process your Personal Data based on your consent, you may withdraw it at any time. However, this will not affect the lawfulness of our processing before you withdrew your consent. It will also not affect processing performed on other lawful grounds.
We may receive your Personal Data:
● when you provide it to us directly by visiting our website; and/or
● when you complete any forms on our website.
We may process the following types of Personal Data:
● basic identifying information, such as your first and last name;
● contact information, such as your phone number, physical address, and email address; and/or
● any other information you choose to share with us when you visit our website.
We may process your Personal Data for the purposes of:
● responding to your requests or questions arising from your use of our website; and
● operating and improving the functionality of our website, including maintaining functionality of our websites, diagnosing technical and service problems, detecting and preventing unlawful behavior, and complying with our legal and regulatory obligations.
The methods of processing include, but are not limited to, collection, storage, use, processing, transmission, provision, disclosure, and deletion of your Personal Data as may be necessary to fulfill the above purposes.
We will retain your Personal Data for only as long as is necessary to fulfil the purpose for which we collected your Personal Data (listed above) and any other permitted linked purpose, and in compliance with any applicable laws and our legal obligations.
We may share Personal Data with our subsidiaries and affiliates, as well as with service providers, who process Personal Data on our behalf, and who agree to use the Personal Data only to assist us in relation to our website or as required by law. Our service providers may provide:
● application hosting services;
● cloud storage services; and/or
● web development services.
Some of these third parties may be located outside of the EEA, UK, or China. If you are in the EEA or UK, please note that for transfers of Personal Data to third countries which are not recognized as providing an adequate level of protection, we will only transfer Personal Data from the EEA, and the UK to third parties in those countries when there are appropriate safeguards in place. These safeguards may include the Standard Contractual Clauses, as approved by the European Commission under Article 46.2 of the GDPR, and the UK’s International Data Transfer Agreement or International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses, as approved by the UK Information Commissioner’s Office.
If you are in China, please note that we will only transfer your Personal Data outside of China in accordance with the PIPL.
The above third parties are generally not considered data controllers but if we do share your Personal Data with any data controllers, and if required by applicable law, we will obtain your consent for such disclosure and inform you of such data controller’s name, contact information, and details relevant to the nature of the processing that such data controller will conduct.
We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials, or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal business purpose. Such data does not include any Personal Data. The purposes may include, amongst other things, analyzing usage trends.
If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.
We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. This includes unauthorized access, disclosure, alteration, or destruction.
If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability and the right to request that we explain our processing practices to you.
To exercise any of your privacy rights or raise any other questions, please contact us by using the information in the “Contact Us” section below.
Our website is not directed at, or intended for use by, children.
European Economic Area and UK
If the GDPR or UK GDPR applies to our processing of your Personal Data, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data.
Specifically, with regards to the GDPR, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR. In the UK, you can lodge a complaint with the UK Information Commissioner’s Office.
China
If you are a data subject in China whose Personal Data we process, you have the right to lodge a complaint with the relevant enforcement authorities.
If you have any questions about this Notice or our processing of your Personal Data, please contact us at:
Suzhou Transcenta Therapeutics Co., Ltd.
Attn: 218 Xinghu Street, Biobay, Building B6, Suite 501
Suzhou, China
Data-protection@transcenta.com
We have appointed our Chief Operating Officer as our Personal Information Protection Officer (PIPO) in China that may be contacted on matters related to the processing of Personal Data in China. Our PIPO’s contact details are:
B6-501, 218 Xinghu Street, Biobay
Suzhou, Jiangsu Province, China
Email: Data-protection@transcenta.com
If we make any material change to this Notice, we will post the revised Notice to this web page. We will also update the “Effective” date. By continuing to use our website after we post any of these changes, you accept the modified Notice.