Skip to main content

CNX Therapeutics Privacy Notice

Last Updated: April 2024

This privacy notice is intended for:

  • users of CNX products and services;
  • visitors to CNX’s website;
  • users of CNX systems;
  • members of the general public who are interested in contacting or are being contacted by CNX; and
  • any individual who has received this notice and to whom any other current privacy notice of CNX does not apply.

We understand that privacy is important to you. We are committed to treating your personal information with care and integrity.

Our privacy notice tells you what personal information we collect and how we collect it. It explains what we use your personal information for and how we protect your personal information and keep it safe. This privacy notice explains our general practices.  However, where local laws or regulations require that we process information differently, or refrain from such processing, we will always comply with the applicable local law.

CNX Therapeutics values your privacy.  CNX Therapeutics is a group of companies made up of CNX Therapeutics Limited (a company registered in England and Wales with company number 03363032) and its subsidiaries and affiliates (the Group). When we say “CNX”, “we”, “us” or “our”, we are referring to the relevant company in the Group responsible for processing your data.

Personal information means any information or piece of information which could identify you either directly (e.g. your name) or indirectly (e.g. a unique ID number).

Who is the controller of your personal information?

CNX Therapeutics Limited (mailing address: CNX Therapeutics Limited, LABS House, 15-19 Bloomsbury Way, London WC1A 2TH), together with any other Group company which has a relationship with you, are the controllers of your personal information.

Contact information and your privacy point of contact

If you want to exercise your rights, have any questions about this privacy notice, need more information or would like to raise a concern or opt out of any programs or services, please contact us by email to: or by post to CNX Therapeutics Limited, LABS House, 15-19 Bloomsbury Way, London WC1A 2TH.

For more information about your privacy and data protection rights, or if you are not able to resolve a problem directly with us and wish to make a complaint, please contact your country-specific data protection authority or CNX’s lead data protection supervisory authority, the Information Commissioner’s Office (ICO), the UK regulator for data protection issues ( or on 0303 123 11134). We would appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

What personal information do we collect about you?

The personal information we collect, and process, may include:

  • Basic identity information – your name, surname (including prefix or title), any previous names, user names or similar identifier, marital status, alias, gender, age or date of birth, as well as your preferred language. This website is not intended for, or designed for, children and we do not knowingly collect personal data relating to children.
  • Contact information – information that enables us to contact you, including without limitation your personal and/or business email, mailing address and telephone numbers;
  • Technical and network activity information – information about your device and your usage of our website and systems, including your IP address, device ID, hardware model and version, mobile network information, operating system and other online identifiers, type of browser, browsing history, search history, access time, pages viewed, URLs clicked on, forms submitted, and physical location;
  • Financial information – your bank details, including account name, account number and sort code;
  • Product use – data related to your use of our products (including feedback), your interactions with us, your preferred method of communications with us, and services you may use; and
  • Health information – your health status, health conditions you are experiencing and health information inferred from information that you have provided to us.

You can choose not to give us personal information when we ask you for it. If you decide not to give us your personal information, it may restrict our relationship with you.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

How do we collect your personal information?

Directly from you when you:

  • Use our website, apps and systems;
  • Get in touch for support or to provide feedback;
  • Share adverse events or medical information enquiries with us.

From other sources:

  • Publicly accessible sources;
  • When you talk about us online, such as mentioning CNX or its products on LinkedIn.

We also combine information about you from various sources, including the information you provide to us and personal information, which is collected during your relationship with us.

How do we use your personal information?

We use your personal information for the purposes we have described below in this privacy notice, or for purposes which are reasonably compatible with the ones described.

To manage our relationship with you.

We will use your personal information to:

  • Provide our products and services to you;
  • Provide online services such as employment opportunities and financial results;
  • To respond to your queries and provide you with information when you request it;
  • Personalise your experience when interacting with CNX;
  • Perform a contract with you;
  • Report the adverse events you notify us about; and
  • Perform analytics, market research and segmentation to understand your preferences, improve our products and services and our communications to you.

To manage and improve our processes and our business operations.

We will use your personal information to:

  • Manage our network and information systems security;
  • Manage our workforce effectively;
  • Respond to reports you make of a possible side effect associated with one of our products and to monitor the safety of our products;
  • Keep records related to our relationship with healthcare professionals;
  • Perform data analyses, auditing and research to help us deliver and improve our CNX digital platforms, content and services;
  • Monitor and analyse trends, usage and activities in connection with our products and services to understand which parts of our products and services are of the most interest and to improve them accordingly; and
  • Prepare and perform management reporting and analysis, including analytics and metrics.

To achieve other purposes.

We will use your personal information:

  • To follow applicable laws and regulations;
  • To respond to requests from competent public authorities;
  • To tell you about changes to our terms, conditions and policies;
  • To exercise or defend CNX against potential, threatened or actual litigation;
  • To investigate and take action against illegal or harmful behaviour of users;
  • To protect CNX’s or your vital interests, or those of another person;
  • When we sell, assign or transfer all or part of our business.

Why are we allowed to collect and use your personal information?

We can collect and use your personal information when one of the following applies:

  • To take steps before entering into a contract or perform a contract;
  • To follow the law, for example:
    • Record-keeping, regulatory monitoring and reporting obligations, including those related to adverse events, product complaints and product safety; and
    • Complying with anti-corruption and transparency obligations;
  • You have specifically given us your permission when such permission is obligatory (the law calls it “consent”). You can withdraw your consent at any time. We will normally need your consent in the following circumstances:
    • Placing cookies on your device to find out how you use our websites so we can personalise what you see by tailoring content and notifications to the things you are interested in;
    • Certain situations where you share sensitive information about yourself, such as your health;
    • In any other situation where personal information processing relies upon your consent.
  • We need to use your personal information for legitimate business purposes, for example, to enable us to run our business successfully. These include, without limitation,:
    • Sending direct marketing materials to you (you will always have the right to opt out of marketing and promotional communications);
    • Conducting audits and internal investigations and complying with internal policies on anti-bribery and conflict of interest;
    • Managing our IT and communications systems and networks;
    • Planning and improving our business activities;
    • Conducting training and gathering feedback for ensuring quality control;
    • Protecting our rights, privacy, safety or property, and/or that of our affiliates, you or others;
    • To provide the functionality of the services we provide you;
    • Analysing or predicting your preferences to identify aggregated trends to develop, improve or modify our products, services and business activities;
    • Responding to and handling your queries or requests;
    • Sending administrative information to you, such as changes to our terms, conditions and policies;
    • Completing transactions with you; and
    • Reaching out to you to provide information about our products;
  • For the establishment, exercise or defence of legal claims or proceedings;
  • To protect your vital interests or those of others; and
  • Because it is necessary for reasons of substantial public interest, on the basis of applicable laws.

How do we protect your personal information?

We want to make sure your personal information is not shared with or used by those not allowed to see it. We use a variety of security measures and technologies to help protect your personal information.

We carefully choose service providers to work with, and check they have security measures and technologies in place to protect your personal information.
However, there are no guarantees that a data transmission or storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us using the details at the ‘Contact information and your privacy point of contact’ section.

What are your rights regarding your personal information?

You have rights we need to make you aware of. The rights available to you depend on our reason for processing your personal information and the local law in your jurisdiction, and there are exceptions to some rights. Depending on this you may have the right to:

  • Withdraw your consent to us processing your personal information for direct marketing purposes;
  • Ask CNX about the processing of your personal information including to be provided with copies of your personal information;
  • Ask us to correct information you think is inaccurate or incomplete;
  • Ask us to delete your personal information;
  • Ask us to restrict the processing of your information;
  • Object to our processing of your personal information;
  • Ask that we transfer information you have given us from one organisation to another, or to give it to you; and
  • Complain to your local data protection authority.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

You can find out how to get in touch with us to ask us to do any of the above by looking at the ‘Contact information and your privacy point of contact’ section.

For your protection, and to protect the privacy of others, we may need to verify your identity before completing what you have asked us to do. We will try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Where we have relied upon your permission to use your personal information, and you later withdraw that permission, we may not be able to complete some of the activities described in ‘How do we use your personal information’.

How long do we keep your personal information?

In some jurisdictions, we are legally required to keep your personal information for certain periods. How long depends on the specific legal requirements of the jurisdiction you are in when you share your information with us.

We will always keep your personal information for the period required by law and where we need to do so in connection with legal action or an investigation involving CNX. Otherwise, we will keep your personal information for as long as we have a relationship with you and we will store and retain the data in accordance with our record retention policy, after which it will be deleted. Please note that certain information could be retained for longer periods of time if we have continuing obligations to you or if required by local law.

With whom do we share your personal information?

We share your personal information on a need to know basis, and to the extent necessary to follow laws and regulations, and in the context of managing our relationship with you.

We share your personal information only with teams in our Group who need to see it to do their jobs.

In some countries, our relationship with you is managed for us by specialised service providers. We will share your personal information with their people and teams who need to see it as part of their job.

We will also share your personal information with other entities, for example:

  • Employment and recruitment agencies;
  • Technology suppliers who work with us to develop and improve our websites;
  • Any entity who may acquire us or part of our business or brands;
  • Suppliers managing adverse event reports;
  • Local or foreign regulators, courts, governments and law enforcement authorities; and
  • Professional advisors, such as auditors, accountants and lawyers.

In what instances do we transfer your personal information outside of your home country?

CNX commercialises and distributes a portfolio of speciality brands and hospital products in countries worldwide. Therefore, we may need to transfer and use your personal information outside of the country where we collect it from you. We implement appropriate measures to protect your personal information when we transfer your personal information outside of your home country. The data privacy laws in the countries we transfer it to may not be the same as the laws in your home country. Law enforcement agencies, regulatory agencies, security authorities or courts in the countries we transfer your personal information to may have the right to see your personal information.

Additional information if you are based in the European Economic Area (EEA)

The European Commission recognises that some countries outside the EEA have similar data protection standards. The full list of these countries is available here.

If we transfer your personal information to a country not on this list, we will use specific international transfer contracts approved for us in the UK which give personal data the same protection it has in the UK.

Cookies and Use for Analytics

Our websites may use cookies and similar technologies. These are small files of letters and numbers stored by us on your browser or the hard drive of your computer that help us to identify you and your device. We use this information to help build a better experience for you, such as letting us know which pages you’ve visited, and to be able to alter the content of the website dynamically to be appropriate for you. We may also share this information with other companies in the Group and with other third parties.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. These essential cookies are always enabled because our website won’t work properly without them. You can switch off these cookies in your browser settings but you may then not be able to access all or parts of our website.

Functionality cookies. These are used to recognise you when you return to our website. This enables us to remember your preferences (for example, your choice of language).

Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and items displayed on it more relevant to your interests.

Except for essential cookies, all cookies will expire as set out in the table below:

Cookie nameDescriptionExpiration
_gaDistinguishes users2 years
_ga_<container-id>Persists the session state2 years
aviaCookieConsentSet if you accept cookies1 year
aviaPrivacyRefuseCookiesHideBarPrevents the cookie notice appearing if you refuse cookies1 year
aviaPrivacyEssentialCookiesEnabledSet if essential cookies are enabled1 year


Ensures cookies must be opted in to1 year
aviaPrivacyGoogleTrackingDisabledPrevents Google analytics1 year

You can choose to accept or decline cookies. If you choose to decline cookies, not all elements of our websites or services may function as intended, so your experience may be affected.  To the extent that your local laws consider the information collected by cookies and other technologies as personal information, we will treat that information to the standards set out in this privacy notice.

Our website use Google Analytics, a web analytics service provided by Google, Inc. and its subsidiaries. Google Analytics, subject to its privacy policy, uses cookies to analyse use patterns and may collect information about your use of the website, including your IP address. More information on Google Analytics can be found here. Google Analytics offers an opt-out provision for website visitors who do not want their data to be collected. If you would like to opt-out of having your data used by Google Analytics, you can opt out here.

How do we update this Privacy Notice

From time to time, we will update this Privacy Notice. Any changes become effective when we post the revised Privacy Notice on our website. This Privacy Notice was last updated as of the “Last Updated” date shown above. If changes are significant, we will provide a more prominent notice to let you know what the changes are.

Our responsibility regarding websites that we do not own or control

As a convenience to our visitors, our website and applications may contain links to websites we do not own or control. Our Privacy Notice does not cover them. We are not responsible for the collection or use of personal data by or on any third-party websites. Therefore, we disclaim any liability for any third party’s use of personal data obtained through using the third-party websites. Please read the privacy notices on those websites if you would like to find out how they collect, use and share your personal information.