EFEC | UK-China Life Sciences Innovation Hub
Privacy Policy
Last updated: 06 October 2025
Welcome to EFEC UK-China Life Sciences Innovation Hub (“we”, “us”, “our”, “EFEC”). We are committed to protecting your privacy and handling your personal data in a secure, transparent and lawful way. This policy explains how we collect, use, share, and protect personal data when you visit or interact with our site (efec-hub.com), subscribe for newsletters, or otherwise engage with our services.
If you are located in the UK, the EU, or in China, this policy also describes additional rights and protections available under applicable laws.
1. Who we are
- Controller / operator: EFEC
- Website: https://www.efec-hub.com
- Contact email for data protection or privacy enquiries: info@efec-hub.co
If you are in the UK, you can also contact the UK Information Commissioner’s Office (ICO) (www.ico.org.uk) in relation to data protection complaints.
2. Scope & legal basis
Scope/Territorial effect
In the UK, we act as a data controller when processing your personal data under UK GDPR / Data Protection Act 2018.
Under China’s Personal Information Protection Law (PIPL), our obligations apply where we process personal data of individuals in China (even if processing occurs outside China).
This policy applies to all collection, use, storage, transfer, disclosure or deletion of personal data we process in the course of our operations (website, newsletter, events, partner interactions, etc.).
Note: In China, the PIPL has extraterritorial effect when offering services or analyzing behavior of individuals in China.
Legal basis for processing (UK) / Ground (China)
We rely on one or more of the following as lawful bases for processing your personal data (UK) / grounds under PIPL (China):
| Purpose | UK legal basis | China PIPL ground(s) |
|---|---|---|
| Sending newsletters, updates, marketing communications | Consent / legitimate interests (where applicable) | Consent (explicit, voluntary) |
| Providing services, fulfilling contracts | Performance of a contract | Contract necessity |
| Compliance with legal obligations | Legal obligation | Statutory requirement |
| Protecting life, health, safety | — | Emergency necessity |
| Analytics, internal research, improvement | Legitimate interests (balanced) | Within reasonable scope of disclosed purpose / consent |
| Cross-border transfers | Necessity and safeguards | Must meet PIPL cross-border transfer conditions |
Under China’s PIPL, if the purpose, method, or type of data processing changes materially, we must obtain your new consent. For sensitive personal information (as defined under PIPL, e.g. biometrics, health, financial account), we must obtain separate, explicit consent and adopt stricter safeguards.
3. What personal data we collect & how
Categories of personal data
Depending on how you interact with us, we may collect:
- Identity & contact information: Name, title, affiliation, address, email, telephone
- Account / login data: Username, encrypted password, profile settings
- Interaction & usage data: Browsing history, IP address, device identifiers, cookies, analytics, click data
- Newsletter / communication data: Subscription preferences, email open / click statistics
- Event / networking data: Event attendance, preferences, session sign-ups
- Third-party / public data: LinkedIn or other publicly available data (where you consent or authorise it)
- Sensitive data (only where explicitly required and consented): e.g. health, identity documents (if needed for verification)
We do not generally collect sensitive information unless strictly necessary and with your explicit consent.
How we collect data
- Directly from you (when you register, subscribe, fill forms, attend events)
- Automatically through website technologies (cookies, analytics)
- From third parties (partners, public sources) with your consent or where allowed
Purpose & usage of your data
We use your data for:
- Delivering newsletters, alerts, announcements
- Operating, maintaining, improving our site and services
- Personalising your experience (content, recommendations)
- Analytics, research, insights
- Organising events, matching, networking
- Communication (responding to inquiries, support)
- Preventing fraud or abuse, ensuring security
- Complying with legal obligations (e.g. tax, audit, regulatory)
We will not use your personal data for purposes incompatible with those disclosed to you at collection, except where otherwise required by law.
4. Cookies, tracking & similar technologies
We use cookies and similar tracking technologies (e.g. web beacons, analytics scripts) to:
- Recognise you and your preferences
- Monitor site usage, performance, analytics
- Serve relevant content or advertisements
- Prevent fraud and detect misuse
You may choose to block or delete cookies via your browser settings; however, this may affect functionality or user experience.
We may also use third-party analytics (e.g. Google Analytics, etc.) subject to appropriate anonymisation, encryption, and data minimisation.
5. Sharing, cross-border transfer & disclosures
Sharing with third parties
We may share personal data with:
- Service providers / processors (hosting, email, analytics, CRM)
- Partners, sponsors, event venues (for event administration)
- Affiliates (if part of EFEC group)
- Legal, regulatory, or judicial authorities (if compelled)
- Acquirers in business mergers, transfers (with notice)
When we share, we contractually require these parties to apply equivalent safeguards, restrict use to approved purposes, and ensure confidentiality.
Cross-border transfers & China requirements
Because EFEC operates across jurisdictions, your personal data may be transferred across national borders (for example, from China to UK, or vice versa). Under China’s PIPL, cross-border transfers require:
- a security assessment by Chinese authorities (if required), or
- certification under China’s personal information protection regime, or
- use of a standard contract approved by Chinese regulatory authorities, or
- other measures as required under relevant rules.
We will take commercially reasonable measures (encryption, pseudonymisation, restricted data flows) to protect your data during transfer.
In the UK, transfers of data outside the UK must comply with UK data protection rules (adequacy or standard contractual clauses).
If you are in China and we transfer your data out of China, we will provide you with a clear explanation of the cross-border transfer mechanism, your rights, and safeguards in place.
6. Data retention & deletion
We retain personal data only for as long as necessary to fulfil the purposes for which collected (or for legal, audit, archival requirements). We periodically review retention schedules.
After the retention period expires, we will either delete, anonymise, or securely destroy your personal data.
Under PIPL, when the retention period is over, or the purpose is fulfilled, or you withdraw consent, or EFEC ceases providing services, we will delete or anonymise your personal data.
7. Your rights & how to exercise them
UK / UK GDPR / DPA 2018
If you are in the UK, you have the following rights:
- Right of access (you can request a copy of your personal data)
- Right to correction / update incorrect data
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to objection (particularly for direct marketing)
- Right to data portability (in certain cases)
- Right to withdraw consent at any time (for processing based on consent)
- Right to lodge complaint with the ICO
China / PIPL
If you are located in China or your data is processed under PIPL, you have the following rights:
- Right to access your personal information
- Right to correction or completion of data
- Right to deletion (“right to erasure”)
- Right to withdraw consent (does not affect prior processing)
- Right to limit or refuse processing
- Right to request portability
- Right to object
- Right to information about processing (purpose, method, scope, etc.)
- If your request is refused, you have the right to complain to Chinese authorities.
To exercise any of these rights, please contact us at info@efec-hub.com with sufficient identification to verify your request. We will respond within legally required timeframes (typically within 30 days, subject to extensions where permitted).
8. Security & safeguards
We take appropriate technical and organisational measures to protect personal data from accidental loss, unauthorised access, alteration, disclosure, or destruction. These may include:
- Encryption and secure protocols (TLS, SSL)
- Access controls, role-based permissions
- Network security, firewalls, intrusion detection
- Regular security assessments, audits, penetration tests
- Staff training, confidentiality agreements
- Backup and disaster recovery procedures
- Aggregation, pseudonymisation, data minimisation
We will promptly notify you and relevant authorities / regulators in the event of a personal data breach if required by law.
9. Children & minors
We do not knowingly collect personal data from children under the age of 14 in China (or lower age thresholds in UK). If we become aware that we have unintentionally processed data of a child without consent, we will delete it promptly.
If you are a minor and wish to use our services, please seek permission from a parent or guardian.
In China, for personal information of minors under 14, we must obtain consent from a parent or guardian.
10. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or legal/regulatory requirements. The “Last updated” date will reflect the latest revision.
Where changes are significant, we will provide you notice (e.g. via email or prominent banner) before the new policy becomes effective. Your continued use of EFEC services after changes constitutes acceptance of the revised policy.
Miscellaneous & legal disclaimers
- If any provision of this policy is held invalid under applicable law, such provision shall be modified or removed, and the remaining provisions shall remain in full force.
- To the extent allowed by law, our liability to you in relation to data protection is limited to direct damages and will exclude indirect or consequential losses.
- This policy does not create contractual rights enforceable by third parties, except as required under applicable data protection laws.