OXON’s Privacy Policy
OXON is strongly committed to protecting your privacy and below you can find the details of what we do to ensure all the personal data you provide is protected.
This Privacy Policy describes how we collect, use and safeguard the personal data you provide on oxonepi.com.
If you have any questions, e-mail privacy@oxonepi.com and our Data-Protection Officer will gladly assist you.
In accordance with the applicable personal-data-protection regulations (the UK GDPR, the EU GDPR (Regulation 2016/679), Spain’s Organic Law 3/2018 and the UK Data Protection Act 2018), we inform the User:
1. Personal Data Controller
Joint data controllers:
OXON Epidemiology Limited (Company No. 064 891 73) – 200 Northcote Road, London E17 7DH, United Kingdom
and its subsidiary OXON Epidemiology, S.L. (CIF B85534881) – C/ Doctor Fleming 51, 1º, 28036 Madrid, Spain.
Data-Protection Officer (DPO)
Grupo Adaptalia Legal Formativo S.L.
C/ Julián Camarillo 26, 28037 Madrid, Spain • ✉ privacy@oxonepi.com
By using this site and our services you consent to the processing of your personal data as set out below.
2. Definitions
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.
We/us (either capitalized or not) – OXON Epidemiology
3. Data Protection Principles
We adhere to the following principles:
– Lawfulness, fairness and transparency – we always consider your rights before processing your data.
– Purpose limitation – data are processed only for the purpose for which they were gathered.
– Data minimisation – we collect only the data required for that purpose.
– Storage limitation – we do not store your data longer than needed.
– Accuracy – we keep data accurate and up-to-date.
– Integrity and confidentiality – we protect data with appropriate security.
4. Data Subject’s rights
The Data Subject has the following rights:
1. Right to information – meaning you have the right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
2. Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
3. Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
4. Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
5. Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
6. Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
7. Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
8. Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
9. Right to lodge a complaint – in the event that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
10. Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
11. Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.
5. Data we gather
Information you provide
Contact form – name, e-mail, telephone, message.
Request-for-Proposal form – organisation, role, contact details, project description.
Work-with-Us / CV form – résumé/CV, cover letter, qualifications and contact details.
Information we collect automatically
This includes IP address, browser type, device identifiers, pages visited and timestamps, obtained through cookies and server logs.
6. How we use your Personal Data
We process your Personal Data to:
– Provide the services or information you request
– Respond to enquiries and manage proposals or job applications
– Improve your user experience and website interaction
– Comply with legal obligations
Processing is based on one or more of the following legal grounds: contract, consent, legal obligation, or legitimate interest.
Based on contract, we process your data when necessary to:
– Identify you
– Deliver a requested service
– Communicate for administrative or billing purposes
Based on legitimate interest, we may use your data to:
– Send relevant updates about similar services (unless you opt out)
– Analyse client needs to improve our services
– Conduct feedback or satisfaction surveys
Based on consent, we may:
– Send newsletters or promotional content
– Process your data for other specific purposes you have agreed to
– You can withdraw your consent at any time with future effect.
Based on legal obligation, we process your data:
– where required by applicable laws (e.g. tax, accounting, pharmacovigilance) and retain such data only as long as legally necessary.
Compatible purposes and anonymisation:
If we process data for a new but compatible purpose, we ensure it respects your rights and is properly safeguarded.
We may also anonymise data for research or statistical use outside the scope of this Policy.
7. Who else can access your Personal Data?
Service providers (hosting, analytics, recruitment software) bound by written data-processing agreements.
Regulators, courts or law-enforcement bodies when required by law.
We do not sell, rent or trade your data. International transfers, when necessary, rely on adequacy decisions or the EU/UK Standard Contractual Clauses.
8. How we secure your data
We protect Personal Data with HTTPS/TLS encryption, role-based access control, multi-factor authentication, backups and penetration tests. We monitor systems for vulnerabilities and will notify authorities and affected individuals of any data breach where legally required.
9. Children
Our website and services are not directed to children under 16, and we do not knowingly process their data.
10. Cookies and other technologies we use
We use:
Necessary cookies: Enable core features such as page navigation, form submission and secure log-in. The website cannot function properly without them.
Functionality cookies: Remember your choices (e.g. language, form fields, login status) so you do not have to re-enter information on each visit and can enjoy more-personalised features. You may accept or reject functionality and analytics cookies through the banner displayed on your first visit or at any time via your browser settings.
Analytics cookies: Help us understand how visitors use the site and measure performance (e.g. via Google Analytics). This allows us to improve content, usability and security. You can also remove cookies already stored on your device through your browser controls, or manage third-party cookies using tools such as optout.aboutads.info or youronlinechoices.com.
We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here. If you’d like to opt out of tracking by Google Analytics, visit the Google Analytics opt-out page.
11. Changes to this Privacy Policy
We may update this Policy from time to time.
Any changes will be posted on this page and the “Last updated” date will change accordingly.
12. Contact Information
Questions or requests? E-mail privacy@oxonepi.com
If you believe your rights have not been respected you may contact the UK Information Commissioner’s Office (ico.org.uk) or the Spanish Agencia Española de Protección de Datos (www.aepd.es, internacional@agpd.es, +34 913 996 200).
Last updated: May 2025