Site Logo
Site Logo

CANDIDATE PRIVACY NOTICE

WHAT IS THE PURPOSE OF THIS DOCUMENT?

The OrganOx group of companies includes OrganOx Limited, OrganOx (Europe) Limited and OrganOx Inc. In this privacy notice, we refer to any OrganOx group company as OrganOx, we, our or us.

OrganOx is committed to protecting your privacy and security of your personal data.

The relevant OrganOx entity to whom you apply is the controller in relation to your personal data. The controller is responsible for deciding how to hold and use personal information about you. With regards to OrganOx Inc, please note that this privacy notice will only apply to OrganOx Inc to the extent it processes your personal data as a controller and you are based in the UK or EEA.

This privacy notice makes you aware of how and why your personal data will be used, namely for the purposes of the recruitment exercise (whether you apply to work with us as an employee, worker or contractor), and how long it will usually be retained for, in accordance with UK, EU and Swiss data protection laws (if applicable).

DATA PROTECTION PRINCIPLES

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

WHO IS YOUR PERSONAL INFORMATION COLLECTED FROM?

We collect personal information about candidates from the following sources, for example:

  • You, the candidate.
  • Recruitment agency, who typically provides us with information that you provide as part of the recruitment process such as curriculum vitae and cover letter, as well as feedback regarding interviews and application process.
  • Background check provider, who typically provide us with information related to your work history, education, and confirmation of your identity and references (we will comply with local laws when we do this and the scope of any background check will depend on the role that you apply for).
  • Credit reference agency, who typically provide us with information such as your name, date of birth, your linked addresses, your previous names/aliases, addresses linked to these names/aliases, electoral register status, county court judgements, any criminal convictions, individual voluntary arrangement, bankruptcy, re-possessions, details of any credit accounts, payment history and any outstanding balances in your name (we will comply with local laws when we do this and the scope of any credit reference check will depend on the role that you apply for).
  • In the UK, the Disclosure and Barring Service in respect of criminal convictions.
  • Your named referees such as your former employer, who would usually share information about the dates of your employment with them and roles held.
  • Any information published about you published online on publicly accessible sources such as LinkedIn, Facebook, Instagram, public records and otherwise.

We may also receive personal information from you from another OrganOx group company.

THE KIND OF INFORMATION WE HOLD ABOUT YOU

In connection with your application for work with us, we will collect, store, and use the following categories of personal data about you:

  • The information you have provided to us in your curriculum vitae, covering letter or application form (as applicable) including your name, title, address, telephone number, personal email address, immigration status, information about your right to work in the UK, EU or Switzerland, education history, qualifications and employment history.
  • Any information you provide to us during the application or interview process including relocation preferences, information regarding previous roles, and assessment responses and results. .
  • Information that you have provided to us in relation to any previous application made to us (including any OrganOx group company) and/or any information related to previous employment with us (including any OrganOx group company).
  • Information obtained from sources other than yourself as previously referred to in this privacy notice.
  • CCTV (and video doorbell) footage in the event that you visit our premises as part of the recruitment process.
  • This may involve us collecting, storing and using the following types of more sensitive personal information:
  • Information about your race or ethnicity, religious or philosophical beliefs, sexual orientation.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about criminal convictions and offences.

HOW WE WILL USE INFORMATION ABOUT YOU

  • Assess your skills, qualifications, and suitability for the role.
  • Carry out background and reference checks, where applicable.
  • Communicate with you about the recruitment process.
  • Keep records related to our hiring processes.
  • Comply with legal or regulatory requirements.

It is in our legitimate interests to decide whether to appoint you to the role you have applied for since it would be beneficial to our business to appoint someone to that role.

We also need to process your personal information to decide whether to enter into a contract with you.

It is in our legitimate interest to process your image (and potentially audio recording) when you visit our premises to ensure the safety of you and our personnel at our premises, as well as ensure the security of our premises. We will also process this data for crime prevention purposes.

If you fail to provide personal information

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require a credit check or references for this role and you fail to provide us with relevant details, we will not be able to take your application further.

HOW WE USE PARTICULARLY SENSITIVE PERSONAL INFORMATION

Where appropriate we will use your particularly sensitive personal information in the following ways:

  • We use information about disability to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview.
  • We use information about racial or ethnic origin, religious or philosophical beliefs, disability or sexual orientation to ensure meaningful equal opportunity monitoring and reporting.

We understand that positions under local law can vary in relation to monitoring (for example in relation to equal opportunities monitoring), and we only carry out such activities in accordance with relevant laws. In the UK (or in respect of UK based data subjects), where we process special category data for prospective employment purposes, we have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

INFORMATION ABOUT CRIMINAL CONVICTIONS

We envisage that we will process information about criminal convictions.

We will collect information about your criminal convictions history if we would like to offer you the role (conditional on checks and any other conditions, such as references, being satisfactory). We are entitled to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the role.

We understand that positions under local law can vary in relation to information about criminal convictions, and we only carry out such activities in accordance with relevant laws. In the UK (or in respect of UK based data subjects), where we process criminal offence data for prospective employment purposes, we have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.

AUTOMATED DECISION-MAKING

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

DATA SHARING

Why might you share my personal information with third parties?

We will only share your personal information with the following third parties for the purposes of processing your application:

  • other entities within our OrganOx group;
  • service providers (for example, IT service provider, hosting services or benefit providers) who may have access to your personal data;
  • professional advisers including lawyers, bankers, auditors, accountants, business advisers, brokers and insurers;
  • relevant government organisations or other law enforcement agencies; and
  • third parties to whom we may choose to sell, transfer or merge parts of our business or our assets or who may choose (or contemplate) to invest in us. Alternatively, we may seek to acquire other business or merge with them.

All our third-party service providers and other entities in the OrganOx group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will also share your personal data with recruitment agents relevant to any application for recruitment process relevant to you (for example communicating the outcome of any interviews, whether or not an offer is made to you, and relevant details of that offer). Recruitment agents typically act as data controllers and will have their own privacy notices.

Depending on the third party that data is transferred to, your information may be sent outside of the UK, European Economic Area (EEA) and/or Switzerland such as the US.

Whenever we transfer personal data outside the UK, EEA and/or Switzerland to countries which have laws that do not provide the same level of protection as the UK, EU and/or Swiss law, we always ensure that as similar degree of protection is afforded to it by ensuring that the following safeguards are implemented:

  • We use specific standard contractual terms approved for use in the UK by the UK government, the EEA by the European Commission and/or Switzerland by the Swiss government, in each case which give the transferred personal data the same protection as it has in the UK, the EEA and/or Switzerland (as applicable).
  • We will only transfer your personal data to countries that have been to provide an adequate level of protection for personal data by the UK government, European Commission or Swiss government, as applicable.

If you require further information in respect of the safeguards used by OrganOx, please contact our DPO using the details set out below.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

How long will you use my information for?

We will retain your personal information for a period of 12 months after we have communicated to you our decision about whether to appoint you to the role. We retain your personal information for that period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. After this period, we will securely destroy your personal information in accordance with our data retention policy.

If we would like to retain your personal information on file, on the basis that we might be able to consider you for an opportunity that may arise in future, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period for that purpose.

RIGHTS OF ACCESS, RECTIFICATION, ERASURE, OBJECTION, RESTRICTION AND DATA PORTABILITY

Your rights in connection with personal information

Under certain circumstances, by law you have certain rights explained below. These rights apply in respect of our UK entities irrespective of where you are based. However, if you are based in the UK, EEA or Switzerland, the above rights will also apply in respect of our US entity.

Your rights are:

  • Request access to your personal information (commonly known as making a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request rectification of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our data protection officer (DPO) whose contact details are privacy@organox.com.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. If there are reasons why we cannot comply with your request, we will explain this to you.

QUESTIONS OR COMPLAINTS

OrganOx Limited has appointed a DPO, and OrganOx (Europe) Limited and OrganOx Inc have appointed a data compliance officer to oversee compliance with this privacy notice. A reference to DPO in this privacy notice includes the data compliance officer. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO.

If you have any questions or concerns about this privacy notice or how we handle your personal information, please contact our DPO who has been appointed to oversee compliance with this privacy notice and whose contact details are privacy@organox.com.

You have the right to make a complaint at any time to the UK’s Information Commissioner's Office (ICO) who is responsible for data protection issues in the UK or any other relevant supervisory authority in the country in which you are based.

Last updated 2 May 2025.

—------------------------------------------------------------------------------------------------------------------

PRIVACY AND COOKIE POLICY

  1. IMPORTANT INFORMATION AND WHO WE ARE

This Privacy & Cookies Policy gives you information about how the OrganOx Group collects and uses your personal data when you interact with us, including any data you may provide when you:

  • visit our website (https://www.organox.com/) (Website);
  • subscribe to receive news and other information from us;
  • use our services and applications, including [NAME OF MESSENGER APP] and [NAME OF REMOTE METRA ACCESS APP];
  • attend our events;
  • engage with us on social media;
  • request information from us or provide information to us;
  • supply goods or services to us (or you work for an organisation that does);
  • attend our offices; or
  • contact us by any means.

The Website is not intended for children and we do not knowingly collect data relating to children.

This Privacy & Cookies Policy also applies to Shareholder Data that we might process from time to time (as described below).

This Privacy & Cookies Policy does not apply:

  • to the processing of personal data by an OrganOx Group Company as part of a clinical trial or research. Trial or research participants will be provided with a separate privacy information in respect of this.
  • where you are applying to work for an OrganOx Group Company, please find our Candidate Privacy Notice here, which provides you with further information on how we process your personal data during the recruitment process.

Controller

The OrganOx Group is made up of the following different legal entities:

  • OrganOx Limited (company number 06557113);
  • OrganOx (Europe) Limited (company number 15961354); and
  • OrganOx, Inc.

This Privacy & Cookies Policy is issued on behalf of the OrganOx Group so when we mention OrganOx, we, us or our in this Privacy & Cookies Policy, we are referring to the relevant company in the OrganOx Group responsible for processing your data. In some cases, we will specify the relevant OrganOx Group company.

OrganOx Limited is the controller and responsible for the Website. OrganOx Limited has appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Privacy & Cookies Policy. If you have any questions about this Privacy & Cookies Policy, including any requests to exercise your legal rights, please contact the DPO using the information set out below.

OrganOx (Europe) Limited is the controller and responsible for our applications, [NAME OF MESSENGER APPLICATION] and [NAME OF REMOTE METRA ACCESS APP].

Processor

In some circumstances, we may process your personal data as a data processor on behalf of another organisation, who would be the controller. This may apply, for example, where we process your personal data in the course of providing services to one of our customers who is your employer. Where this applies, the controller is responsible for responding to any questions you may have about how your personal data is processed, including any requests to exercise your legal rights, and we will pass your correspondence to them to respond.

  1. THE TYPES OF PERSONAL DATA WE COLLECT ABOUT YOU

Personal data means any information about an individual from which that person can be identified.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, title/ job title, username or similar identifier, as well as organisation details.
  • Contact Data includes email address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you interact with and use the Website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
  • Shareholder Data includes information relating to actual, potential or former individual shareholders of OrganOx, as well as representatives of institutional or corporate shareholders of OrganOx, which may include details of your participation in OrganOx's affairs as an individual shareholder or representative of an institutional or corporate shareholder (as applicable), such as attendance at and contribution to meetings, voting records etc, details of your respective shareholdings and any other information which is required to be recorded about you as a shareholder by law or which we hold in relation to your current or former shareholding or which we may acquire in connection with any discussions relating to potential shareholding.

We do not collect Special Category Data about you (i.e. details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data) except in very limited circumstances.For example, you might provide such information to us if you were to inform us of any dietary requirements in connection with religious or health reasons, or particular access requirements due to any health reasons if you were to be attending an event that we organise.In this case, your provision of the information would indicate your consent to us using the data for this purpose.

We (and service providers that we use) also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with the Website to help improve the Website and our service offering. We, or our service providers, may collect and aggregate individuals' Usage Data in an anonymised form to assess how features that are provided are used and make service improvements and for other business purposes. In some circumstances we also may have access to and use anonymised data from which we cannot identify any individuals.

  1. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

  • Your interactions with us. You may give us your personal data by filling in online forms, by corresponding with us by post, phone, email or otherwise or when you visit our premises. This includes personal data you provide when you interact with us as set out above.
  • Automated technologies or interactions. As you interact with the Website and applications, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see the ‘Cookies’ section below for further details.
  • Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
    1. Technical Data is collected from the following parties:
      1. analytics providers;
      2. advertising networks; and
      3. search information providers.
    2. Contact and Transaction Data is collected from providers of technical and delivery services.
    3. Identity and Contact Data is collected from publicly available sources such as Companies House and social media platforms such as LinkedIn.
  1. HOW WE USE YOUR PERSONAL DATA

Legal basis

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

  • Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you or the organisation that you work with the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
  • Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter. In some cases, such as where we carry out a clinical trial, we would also request your specific consent.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Use

Type of data

Legal basis

To manage our relationship with your organisation as a customer, including:

  1. to register your organisation as a new customer for any of our applications;
  2. to provide support services in respect of any of our products or applications; and
  3. to communicate with you on social media platforms.

(a) Identity

(b) Contact

(c) Profile

Necessary for our legitimate interests (to perform our obligations under a contract with your organisation)

To process and deliver goods and services to your organisation, including:

  1. Manage payments, fees and charges
  2. Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Marketing and Communications

Necessary for our legitimate interests (to perform our obligations under a contract with your organisation and to recover debts due to us)