In the course of its normal business operations, Amici collects and processes personal data relating to identifiable individuals, including:
Customers
Users of its websites
Suppliers
Job Applicants
This Privacy Notice explains how Amici collects, uses, stores, and protects personal data, and outlines the rights of individuals in relation to their information.
Amici is committed to processing personal data in a lawful, fair, and transparent manner and in compliance with applicable data protection and privacy legislation. This includes the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), the Data (Use and Access) Act 2025, and, where applicable, the Swiss Federal Act on Data Protection (FADP), EU GDPR, and other applicable privacy laws.
In Scope
Amici is committed to protecting the confidentiality, integrity, and security of personal data. This Privacy Notice explains how we collect, use, store, share, retain, and protect personal data obtained through our business activities and interactions with individuals.
This includes personal data collected through:
Out of Scope
Our websites and services may contain links to third-party websites or services. Amici does not control and is not responsible for the content, security, or privacy practices of these external sites. This Privacy Notice does not apply to such third-party websites, and users are encouraged to review their respective privacy notices before providing personal data.
Amici Procurement Solutions Ltd is the parent company of Amici Life Science Solutions Inc trading as MyAmici.
Amici Procurement Solutions Ltd is the data controller for all the organisations within the group. This means that Amici Procurement Solutions Ltd determines the purposes and means of processing personal data across the group, including how personal data is collected, used, stored, and protected.
Our registered office address is:
Amici Procurement Solutions Ltd
3 Centura Court
Nasmyth Place
Hillington Park
Glasgow
G52 4PR
United Kingdom
If you have any questions about this Privacy Notice, how we process personal data, or if you wish to exercise your data subject rights, you can contact us at [email protected]
This contact point can also be used to raise any concerns or complaints about how Amici handles personal data, including how it is collected, used, stored, shared, retained, or deleted.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, if you believe your data protection rights have been infringed.
Amici has not appointed a Data Protection Officer but has designated responsibility for data protection matters to an appropriate member of staff who can be contacted via the email address above.
What types of personal information do we collect?
Amici collects and processes the following categories of personal data, depending on your relationship with us:
How is the information collected by Amici used?
We only process personal data where we have a lawful basis to do so. The main purposes, categories of data, and lawful bases are outlined below.
| Purpose | Personal data used | Lawful basis | Legitimate interest, where applicable |
| To provide our services, including account creation, order management, service delivery, requests, complaints, and enquiries | Name, company name, role, business email address, telephone number, account details, order information, support requests, complaint details, and related correspondence | Performance of a contract / legitimate interests | Delivering and managing our services, supporting customers, and maintaining accurate business records |
| To manage customer, supplier, and business relationships | Name, business contact details, company details, role, communication history, and relationship records | Legitimate interests / performance of a contract | Managing commercial relationships, responding to enquiries, and operating our business effectively |
| To send relevant business communications and marketing | Name, business email address, company, role, communication preferences, engagement information, and opt-out records | Legitimate interests / consent where required by PECR | Sending relevant B2B communications about our services and maintaining appropriate marketing suppression records |
| To manage consent and marketing preferences | Name, email address, consent status, unsubscribe records, and communication preferences | Legal obligation / legitimate interests | Ensuring we respect opt-outs and do not send unwanted marketing |
| To support recruitment and job applications | Name, contact details, CV, cover letter, interview information, references, work history, qualifications, and right-to-work information | Legitimate interests / steps prior to entering into a contract / legal obligation | Assessing suitability for roles, managing recruitment fairly, and keeping appropriate hiring records |
| To carry out background checks for selected roles, where applicable | Reference information, criminal conviction or offence information, and financial background information where relevant to the role | Legal obligation / legitimate interests / substantial public interest or other applicable condition under data protection law, where required | Assessing suitability for roles requiring a high degree of trust, integrity, financial responsibility, or access to sensitive information |
| To secure and improve our corporate website: www.amiciprocurement.com | IP address, device information, browser information, log data, usage information, and website interaction data | Legitimate interests / consent where required for non-essential cookies | Protecting the website, improving performance, understanding usage, and preventing misuse |
| To secure and improve our application platforms, including app.myamici.com and https://myamici.com/ | IP address, device information, log data, usage data, search activity, behavioural data, account activity, and security event data | Performance of a contract / legitimate interests | Providing, securing, monitoring, improving, and troubleshooting the application platforms |
| To comply with legal, regulatory, tax, accounting, audit, and contractual obligations | Relevant account, transaction, communication, financial, security, complaint, and rights request records | Legal obligation / legitimate interests | Demonstrating compliance and protecting Amici’s legal and commercial position |
| To detect, investigate, and respond to security incidents, misuse, complaints, or legal claims | Log data, access records, communication records, account activity, complaint information, and relevant correspondence | Legal obligation / legitimate interests | Protecting systems, customer data, employees, and business operations |
How long will my data be retained?
Amici retains personal data only for as long as necessary for the purpose for which it was collected, including where retention is required to meet legal, accounting, reporting, regulatory, audit, contractual, or dispute resolution requirements.
Retention periods are determined based on:
Our standard retention approach is as follows:
| Type of personal data | Retention approach |
| Customer account and service records | Retained for the duration of the customer relationship and then for the period required for contractual, legal, audit, tax, or dispute resolution purposes. |
| Order, transaction, billing, and finance records | Retained for the period required under applicable accounting, tax, audit, and legal requirements. |
| Supplier and business contact records | Retained for the duration of the business relationship and then for the period required for legal, audit, contractual, or dispute resolution purposes. |
| Website and application logs | Retained for a limited period based on security, troubleshooting, audit, and operational requirements. |
| Marketing records | Retained until you opt out, withdraw consent where consent is used, or the data is no longer required for marketing purposes. Suppression records may be retained to ensure we respect opt-outs. |
| Data subject rights requests and data protection complaints | Retained for the period required to demonstrate how the request or complaint was handled and to meet accountability obligations. |
| Job applicant data | Retained for 2 years after we communicate our recruitment decision, unless a longer period is required by law or you consent to a longer retention period for future opportunities. |
Third-party service providers and sub-processors
MyAmici uses trusted third-party service providers, including sub-processors, to support business operations and the delivery of our services. These providers may process personal data on our behalf.
We only use sub-processors where appropriate contractual safeguards are in place, including data processing terms where required. Sub-processors are required to implement appropriate technical and organisational measures to protect personal data.
Where a sub-processor transfers or processes personal data outside the UK, EEA, or Switzerland, we ensure that an appropriate transfer mechanism is in place, such as an adequacy decision, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, EU Standard Contractual Clauses, or another lawful transfer mechanism.
A current list of key third-party service providers and sub-processors involved in processing personal data is available below:
| Sub-processor | Service / purpose | Categories of personal data | Processing / hosting information |
| AIG | Staff administration and employee benefits support | Employee benefits and dependent information, where applicable | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Apollo.io | Sales and marketing intelligence | Business contact details and prospect contact or business information | Supplier-hosted environment |
| Bistrainer | Staff training and administration | Employee identity, business contact and employment start-date information | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Bupa Insurance Limited | Employee health insurance and benefits administration | Employee identity, contact, date of birth, benefits and dependent information, where applicable | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| DocuSign | Electronic signature and staff administration documentation | Identity and contact information, employment information, contract documentation, CVs and related staff administration information | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Eden Scott | Recruitment support | Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Hays | Recruitment support | Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Howden | Insurance and staff administration support | Employee identity and staff administration information | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| HubSpot | Customer relationship management, sales and marketing activities, and limited staff administration where applicable | Customer and prospect business contact information, communication records, and limited recruitment/staff administration information where applicable | Supplier-hosted environment and Amici-controlled business systems, as applicable |
| Hyper Recruitment Solutions | Recruitment support | Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| James Brown | Recruitment support | Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Microsoft Limited | Cloud hosting, Microsoft 365, MyAmici platform services, collaboration, storage, security, and internal business systems | Customer and user contact information, account and platform data, order and transaction data, finance information, application usage and security logs, staff administration, HR, payroll, benefits, recruitment and limited special category information where required | Microsoft-hosted cloud services and Amici-controlled Microsoft environments |
| Morris & Young Chartered Accountants | Accounting, payroll and staff administration support | Employee identity, contact, payroll, tax, banking, salary and pension information | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Net Talent | Recruitment support | Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Oakston | Recruitment support | Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Salesforce | Customer relationship management, sales and marketing activities, and limited staff administration where applicable | Customer and prospect business contact information, communication records, and limited staff administration information where applicable | Supplier-hosted environment and Amici-controlled business systems, as applicable |
| Sanderson | Recruitment support | Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Santander UK plc | Banking, payments and staff administration support | Employee identity, salary and bank account information | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| STEM Recruitment Solutions | Recruitment support | Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| The Royal London Mutual Insurance Society Limited | Pension administration | Employee identity, date of birth, National Insurance and pension information | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Three | Telecommunications and staff administration support | Employee address information where required for service administration | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| Xero | Accounting, finance and staff administration support | Employee identity, business contact, bank account and salary information | Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable |
| ZoomInfo | Sales and marketing intelligence | Business contact details and prospect contact or business information | Supplier-hosted environment |
This list includes the name of the relevant third-party service provider or sub-processor, the service provided, the categories of personal data involved, and processing or hosting information where available. We review sub-processors as part of our supplier assurance and data protection governance processes. Where we make material changes to our sub-processors, we will update the published sub-processor list.
Contact / Marketing
We may use your personal data to contact you:
Where required by law, including under PECR, we will obtain your consent before sending direct marketing communications.
You can opt out of marketing communications at any time by using the unsubscribe link included in emails or by contacting us at [email protected].
If you opt out of marketing, we may retain a suppression record to ensure we respect your preference.
We will continue to send essential service, account, contractual, security, or legal communications where necessary.
What is different for Job applicants?
In connection with your job application to work with Amici, we will collect, store and use the following categories of personal information about you:
We may also collect, store and use the following additional information, where applicable:
We do not require criminal conviction checks or financial background checks for every role. Where these checks are required, this will be because the role involves a high degree of trust, integrity, financial responsibility, access to sensitive information, or access to critical systems. We will only carry out these checks where they are necessary, proportionate, relevant to the role, and permitted by applicable law.
We collect personal information about candidates from the following sources:
We will use the personal information we collect about you to:
Where we process criminal conviction or offence information, we will do so only where permitted by applicable law and under an appropriate condition under the Data Protection Act 2018 or other applicable data protection legislation. We apply additional safeguards, including restricted access, secure storage, limited retention, and use of the information only for the relevant recruitment or compliance purpose.
It is in our legitimate interests to decide whether to appoint you to the role, as it is beneficial to our business to appoint a suitable candidate. We also need to process your personal information to decide whether to enter into a contract with you.
If you fail to provide information when requested, where that information is necessary for us to consider your application, such as evidence of qualifications or work history, we may not be able to process your application successfully. For example, if we require a credit check or references for the role and you do not provide the relevant details, we may not be able to take your application further.
You will not be subject to automated decision-making.
We will retain your personal information for a period of 2 years after we have communicated our decision about whether to appoint you. We retain your personal information for this period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment process in a fair and transparent way.
After this period, we will securely destroy your personal information in accordance with our data retention policy and/or applicable laws and regulations. If we wish to retain your personal information on file because a further opportunity may arise in the future, we will write to you separately and ask for your explicit consent to retain your personal information for a fixed period on that basis.
Access to personal data is restricted to authorised personnel on a need-to-know basis.
As a data subject whose personal information we hold, you have certain rights as follows:
We will still hold the data but will not process it any further. This right is an alternative to the right to erasure.
Amici uses cookies and similar technologies to ensure the effective operation of our websites and applications, improve user experience, support analytics, and, where applicable, support marketing and service improvement.
Some cookies are strictly necessary for our websites and applications to function. These cookies do not require consent.
Where required by applicable law, including PECR, we will obtain your consent before placing non-essential cookies on your device, including analytics or marketing cookies. You can manage or withdraw your cookie preferences through the cookie banner or preference centre available on our websites.
You can find more detailed information about the types of cookies we use, the purposes for which they are used, how long they remain on your device, and how to manage your preferences in our Cookie Policy. Cookies Policy page.
Whenever your personal data is transferred outside the UK, we ensure that an appropriate level of protection is maintained in accordance with applicable data protection laws.
Such transfers may occur where we use trusted third-party service providers (for example, cloud hosting, analytics, or business systems), which may store or process personal data in countries outside the UK, including the United States.
Whenever personal data is transferred internationally, we ensure that at least one of the following safeguards is in place:
The transfer is to a country that has been deemed to provide an adequate level of protection by the UK Government, the European Commission, or another applicable authority; or
Appropriate safeguards are implemented, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses (SCCs), EU Standard Contractual Clauses, or another lawful transfer mechanism; or
Another lawful exemption or transfer mechanism applies under applicable data protection law.
These measures are designed to ensure that your personal data receives an appropriate level of protection.
You can request further information about the relevant transfer safeguards by contacting us at [email protected].
Amici has implemented appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, use, alteration, or disclosure.
These measures include, but are not limited to:
Access controls restricting data to authorised personnel on a need-to-know basis
Encryption of data where appropriate
Monitoring and logging of systems to detect and respond to security events
Secure system and network configurations
Staff training and confidentiality obligations
Access to personal data is limited to employees, agents, contractors, and other third parties who have a legitimate business need to know. These parties will only process personal data in accordance with our instructions and are subject to confidentiality and data protection obligations.
Where we share personal data with third parties, we ensure that appropriate safeguards are in place, including contractual protections such as data processing agreements, to ensure that personal data is handled securely and in compliance with applicable laws.
The categories of third parties with whom we may share personal data include cloud hosting providers, IT and security service providers, business system providers, analytics providers, professional advisers, recruitment providers, payment, finance or accounting providers, group companies, regulators, law enforcement authorities, and other parties where sharing is required by law, contract, or legitimate business need.
We have established procedures to manage suspected personal data breaches. Where a breach is identified, we will investigate, take appropriate remedial action, and notify affected individuals and relevant regulators where required by law.
Amici will only use personal data for the purposes for which it was originally collected, unless we reasonably determine that a new purpose is compatible with the original purpose.
When assessing compatibility, we consider factors such as the relationship between the original and new purposes, the context in which the data was collected, and the reasonable expectations of the individual.
If we intend to use personal data for a purpose that is not compatible with the original purpose, we will notify you before doing so where required and explain the legal basis that permits such processing.
Any such changes in processing purpose are subject to appropriate internal review and approval in line with Amici’s data protection procedures.
Amici may update this Privacy Notice from time to time to reflect changes in legal requirements, regulatory guidance, or our data processing practices.
Any updates will be published on our website, and where appropriate, we will take reasonable steps to notify you of significant changes.
We encourage you to review this Privacy Notice periodically to stay informed about how we protect your personal data.
This Privacy Notice was last updated on 15 June 2026.
This Privacy Notice is reviewed regularly as part of Amici’s information security and data protection governance framework.
Amici has implemented policies, procedures, and controls to support compliance with applicable data protection and privacy legislation. These include processes for managing data subject rights requests, handling data protection complaints, responding to data security incidents and breaches, conducting supplier assurance, and completing Data Protection Impact Assessments where required.
Any comments, questions or suggestions about this privacy policy or our handling of your personal data should be emailed to [email protected].
Alternatively, you can contact us at our global HQ using the following postal address or telephone numbers:
Amici Procurement Solutions Ltd (trading as MyAmici)
3 Centura Court
Nasmyth Place
Hillington Park
Glasgow
UK G52 4PR
Telephone: +44 (0)141 810 2580
Our telephone switchboard is open 9:00 am – 5:00 pm GMT, Monday to Friday. Our switchboard team will take a message and ensure the appropriate person is informed.