Privacy Policy

Introduction.

In the course of its normal business operations, Amici collects and processes personal data relating to identifiable individuals, including:

Customers

Users of its websites

Suppliers

Job Applicants

This Privacy Notice explains how Amici collects, uses, stores, and protects personal data, and outlines the rights of individuals in relation to their information.

Amici is committed to processing personal data in a lawful, fair, and transparent manner and in compliance with applicable data protection and privacy legislation. This includes the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 (PECR), the Data (Use and Access) Act 2025, and, where applicable, the Swiss Federal Act on Data Protection (FADP), EU GDPR, and other applicable privacy laws.

Purpose.

In Scope

Amici is committed to protecting the confidentiality, integrity, and security of personal data. This Privacy Notice explains how we collect, use, store, share, retain, and protect personal data obtained through our business activities and interactions with individuals.

This includes personal data collected through:

Our corporate website: www.amiciprocurement.com
Our UK application platform: app.myamici.com
Our global application website, excluding UK users: https://myamici.com/
Direct interactions with customers, suppliers, job applicants, website users, and other stakeholders
This Privacy Notice also explains the rights individuals have in relation to their personal data and how those rights can be exercised.

Out of Scope

Our websites and services may contain links to third-party websites or services. Amici does not control and is not responsible for the content, security, or privacy practices of these external sites. This Privacy Notice does not apply to such third-party websites, and users are encouraged to review their respective privacy notices before providing personal data.

Who we are and how to contact Amici Procurement trading as MyAmici

Amici Procurement Solutions Ltd is the parent company of Amici Life Science Solutions Inc trading as MyAmici.

Amici Procurement Solutions Ltd is the data controller for all the organisations within the group. This means that Amici Procurement Solutions Ltd determines the purposes and means of processing personal data across the group, including how personal data is collected, used, stored, and protected.

Our registered office address is:

Amici Procurement Solutions Ltd

3 Centura Court

Nasmyth Place

Hillington Park

Glasgow

G52 4PR

United Kingdom

If you have any questions about this Privacy Notice, how we process personal data, or if you wish to exercise your data subject rights, you can contact us at [email protected]

This contact point can also be used to raise any concerns or complaints about how Amici handles personal data, including how it is collected, used, stored, shared, retained, or deleted.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection, if you believe your data protection rights have been infringed.

Amici has not appointed a Data Protection Officer but has designated responsibility for data protection matters to an appropriate member of staff who can be contacted via the email address above.

Collection of personal data and lawful basis.

What types of personal information do we collect?

Amici collects and processes the following categories of personal data, depending on your relationship with us:

Contact and identity information, such as name, business email address, telephone number, company name, role, and account details

Customer and service information, such as account activity, order information, support requests, complaints, enquiries, and service communications

Supplier and business contact information, such as name, business contact details, company details, and correspondence

Website and application usage information, such as interactions with our websites and applications, page views, search activity, behavioural data, and preferences

Technical information, such as IP address, device information, browser type, log data, and approximate location

Marketing and communication information, such as communication preferences, email engagement, and opt-out records

Recruitment information, such as CVs, cover letters, interview notes, references, right-to-work information, and background check information where applicable

How is the information collected by Amici used?

We only process personal data where we have a lawful basis to do so. The main purposes, categories of data, and lawful bases are outlined below.

Purpose	Personal data used	Lawful basis	Legitimate interest, where applicable
To provide our services, including account creation, order management, service delivery, requests, complaints, and enquiries	Name, company name, role, business email address, telephone number, account details, order information, support requests, complaint details, and related correspondence	Performance of a contract / legitimate interests	Delivering and managing our services, supporting customers, and maintaining accurate business records
To manage customer, supplier, and business relationships	Name, business contact details, company details, role, communication history, and relationship records	Legitimate interests / performance of a contract	Managing commercial relationships, responding to enquiries, and operating our business effectively
To send relevant business communications and marketing	Name, business email address, company, role, communication preferences, engagement information, and opt-out records	Legitimate interests / consent where required by PECR	Sending relevant B2B communications about our services and maintaining appropriate marketing suppression records
To manage consent and marketing preferences	Name, email address, consent status, unsubscribe records, and communication preferences	Legal obligation / legitimate interests	Ensuring we respect opt-outs and do not send unwanted marketing
To support recruitment and job applications	Name, contact details, CV, cover letter, interview information, references, work history, qualifications, and right-to-work information	Legitimate interests / steps prior to entering into a contract / legal obligation	Assessing suitability for roles, managing recruitment fairly, and keeping appropriate hiring records
To carry out background checks for selected roles, where applicable	Reference information, criminal conviction or offence information, and financial background information where relevant to the role	Legal obligation / legitimate interests / substantial public interest or other applicable condition under data protection law, where required	Assessing suitability for roles requiring a high degree of trust, integrity, financial responsibility, or access to sensitive information
To secure and improve our corporate website: www.amiciprocurement.com	IP address, device information, browser information, log data, usage information, and website interaction data	Legitimate interests / consent where required for non-essential cookies	Protecting the website, improving performance, understanding usage, and preventing misuse
To secure and improve our application platforms, including app.myamici.com and https://myamici.com/	IP address, device information, log data, usage data, search activity, behavioural data, account activity, and security event data	Performance of a contract / legitimate interests	Providing, securing, monitoring, improving, and troubleshooting the application platforms
To comply with legal, regulatory, tax, accounting, audit, and contractual obligations	Relevant account, transaction, communication, financial, security, complaint, and rights request records	Legal obligation / legitimate interests	Demonstrating compliance and protecting Amici’s legal and commercial position
To detect, investigate, and respond to security incidents, misuse, complaints, or legal claims	Log data, access records, communication records, account activity, complaint information, and relevant correspondence	Legal obligation / legitimate interests	Protecting systems, customer data, employees, and business operations

How long will my data be retained?

Amici retains personal data only for as long as necessary for the purpose for which it was collected, including where retention is required to meet legal, accounting, reporting, regulatory, audit, contractual, or dispute resolution requirements.

Retention periods are determined based on:

The nature, sensitivity, and volume of the personal data

The purpose of processing

Legal and regulatory obligations

Contractual requirements

The potential risk of harm from unauthorised use or disclosure

Whether the data may be required to establish, exercise, or defend legal claims

Our standard retention approach is as follows:

Type of personal data	Retention approach
Customer account and service records	Retained for the duration of the customer relationship and then for the period required for contractual, legal, audit, tax, or dispute resolution purposes.
Order, transaction, billing, and finance records	Retained for the period required under applicable accounting, tax, audit, and legal requirements.
Supplier and business contact records	Retained for the duration of the business relationship and then for the period required for legal, audit, contractual, or dispute resolution purposes.
Website and application logs	Retained for a limited period based on security, troubleshooting, audit, and operational requirements.
Marketing records	Retained until you opt out, withdraw consent where consent is used, or the data is no longer required for marketing purposes. Suppression records may be retained to ensure we respect opt-outs.
Data subject rights requests and data protection complaints	Retained for the period required to demonstrate how the request or complaint was handled and to meet accountability obligations.
Job applicant data	Retained for 2 years after we communicate our recruitment decision, unless a longer period is required by law or you consent to a longer retention period for future opportunities.

Third-party service providers and sub-processors

MyAmici uses trusted third-party service providers, including sub-processors, to support business operations and the delivery of our services. These providers may process personal data on our behalf.

We only use sub-processors where appropriate contractual safeguards are in place, including data processing terms where required. Sub-processors are required to implement appropriate technical and organisational measures to protect personal data.

Where a sub-processor transfers or processes personal data outside the UK, EEA, or Switzerland, we ensure that an appropriate transfer mechanism is in place, such as an adequacy decision, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, EU Standard Contractual Clauses, or another lawful transfer mechanism.

A current list of key third-party service providers and sub-processors involved in processing personal data is available below:

Sub-processor	Service / purpose	Categories of personal data	Processing / hosting information
AIG	Staff administration and employee benefits support	Employee benefits and dependent information, where applicable	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Apollo.io	Sales and marketing intelligence	Business contact details and prospect contact or business information	Supplier-hosted environment
Bistrainer	Staff training and administration	Employee identity, business contact and employment start-date information	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Bupa Insurance Limited	Employee health insurance and benefits administration	Employee identity, contact, date of birth, benefits and dependent information, where applicable	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
DocuSign	Electronic signature and staff administration documentation	Identity and contact information, employment information, contract documentation, CVs and related staff administration information	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Eden Scott	Recruitment support	Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Hays	Recruitment support	Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Howden	Insurance and staff administration support	Employee identity and staff administration information	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
HubSpot	Customer relationship management, sales and marketing activities, and limited staff administration where applicable	Customer and prospect business contact information, communication records, and limited recruitment/staff administration information where applicable	Supplier-hosted environment and Amici-controlled business systems, as applicable
Hyper Recruitment Solutions	Recruitment support	Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
James Brown	Recruitment support	Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Microsoft Limited	Cloud hosting, Microsoft 365, MyAmici platform services, collaboration, storage, security, and internal business systems	Customer and user contact information, account and platform data, order and transaction data, finance information, application usage and security logs, staff administration, HR, payroll, benefits, recruitment and limited special category information where required	Microsoft-hosted cloud services and Amici-controlled Microsoft environments
Morris & Young Chartered Accountants	Accounting, payroll and staff administration support	Employee identity, contact, payroll, tax, banking, salary and pension information	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Net Talent	Recruitment support	Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Oakston	Recruitment support	Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Salesforce	Customer relationship management, sales and marketing activities, and limited staff administration where applicable	Customer and prospect business contact information, communication records, and limited staff administration information where applicable	Supplier-hosted environment and Amici-controlled business systems, as applicable
Sanderson	Recruitment support	Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Santander UK plc	Banking, payments and staff administration support	Employee identity, salary and bank account information	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
STEM Recruitment Solutions	Recruitment support	Applicant contact details, CVs, identity/right-to-work documents and recruitment correspondence	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
The Royal London Mutual Insurance Society Limited	Pension administration	Employee identity, date of birth, National Insurance and pension information	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Three	Telecommunications and staff administration support	Employee address information where required for service administration	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
Xero	Accounting, finance and staff administration support	Employee identity, business contact, bank account and salary information	Processed through Amici-controlled business systems and/or the supplier’s systems, as applicable
ZoomInfo	Sales and marketing intelligence	Business contact details and prospect contact or business information	Supplier-hosted environment

This list includes the name of the relevant third-party service provider or sub-processor, the service provided, the categories of personal data involved, and processing or hosting information where available. We review sub-processors as part of our supplier assurance and data protection governance processes. Where we make material changes to our sub-processors, we will update the published sub-processor list.

Contact / Marketing

We may use your personal data to contact you:

To provide information, products, or services you have requested

To send service, account, contractual, security, or administrative communications

To respond to enquiries, requests, complaints, or support issues

To send relevant business communications or marketing where we have a lawful basis to do so

Where required by law, including under PECR, we will obtain your consent before sending direct marketing communications.

You can opt out of marketing communications at any time by using the unsubscribe link included in emails or by contacting us at [email protected].

If you opt out of marketing, we may retain a suppression record to ensure we respect your preference.

We will continue to send essential service, account, contractual, security, or legal communications where necessary.

What is different for Job applicants?

In connection with your job application to work with Amici, we will collect, store and use the following categories of personal information about you:

information you have provided to us in your curriculum vitae and covering letter

information you provide to us during an interview

We may also collect, store and use the following additional information, where applicable:

information about criminal convictions and offences

financial background information

We do not require criminal conviction checks or financial background checks for every role. Where these checks are required, this will be because the role involves a high degree of trust, integrity, financial responsibility, access to sensitive information, or access to critical systems. We will only carry out these checks where they are necessary, proportionate, relevant to the role, and permitted by applicable law.

We collect personal information about candidates from the following sources:

you, the candidate

recruitment agencies

your named referees, from whom we collect pre-employment information

We will use the personal information we collect about you to:

assess your skills, qualifications and suitability for the vacancy

carry out background and reference checks, where applicable

communicate with you about the recruitment process

keep records related to our hiring processes

comply with legal or regulatory requirements

Where we process criminal conviction or offence information, we will do so only where permitted by applicable law and under an appropriate condition under the Data Protection Act 2018 or other applicable data protection legislation. We apply additional safeguards, including restricted access, secure storage, limited retention, and use of the information only for the relevant recruitment or compliance purpose.

It is in our legitimate interests to decide whether to appoint you to the role, as it is beneficial to our business to appoint a suitable candidate. We also need to process your personal information to decide whether to enter into a contract with you.

If you fail to provide information when requested, where that information is necessary for us to consider your application, such as evidence of qualifications or work history, we may not be able to process your application successfully. For example, if we require a credit check or references for the role and you do not provide the relevant details, we may not be able to take your application further.

You will not be subject to automated decision-making.

We will retain your personal information for a period of 2 years after we have communicated our decision about whether to appoint you. We retain your personal information for this period so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment process in a fair and transparent way.

After this period, we will securely destroy your personal information in accordance with our data retention policy and/or applicable laws and regulations. If we wish to retain your personal information on file because a further opportunity may arise in the future, we will write to you separately and ask for your explicit consent to retain your personal information for a fixed period on that basis.

Access to personal data is restricted to authorised personnel on a need-to-know basis.

Your rights as a data subject

As a data subject whose personal information we hold, you have certain rights as follows:

The right to be informed – You have the right to receive clear and transparent information about how your personal data is collected and used. This is provided through this Privacy Notice and related communications.

The right of access – You may request a copy of the personal data we hold about you. We will respond to such requests without undue delay and within one month, in accordance with applicable law. When responding to a subject access request, we will carry out reasonable and proportionate searches for the personal data requested. Where requests are manifestly unfounded or excessive, we may refuse to act or charge a reasonable fee where permitted by law.

The right to rectification – You have the right to request that inaccurate or incomplete personal data is corrected. You may also request restriction of processing while this is verified.

The right to erasure (the ‘right to be forgotten’) – You have the right to request the deletion of your personal data where there is no lawful basis for continued processing.

The right to restrict processing – You have the right to request that we limit the processing of your personal data where:

The accuracy of the personal data is contested.

Processing of the personal data is unlawful.

We no longer need the personal data for processing, but the personal data is required for part of a legal process.

The right to object has been exercised and processing is restricted pending a decision on the status of the processing.

We will still hold the data but will not process it any further. This right is an alternative to the right to erasure.

The right to data portability – You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.

The right to object – You have the right to object to processing where:

Processing is based on legitimate interest;

Processing is for the purpose of direct marketing;

Processing is for scientific or historical research purposes, where applicable.

Rights in relation to automated decision-making – We do not use solely automated decision-making that produces legal or similarly significant effects on individuals.

Cookies.

Amici uses cookies and similar technologies to ensure the effective operation of our websites and applications, improve user experience, support analytics, and, where applicable, support marketing and service improvement.

Some cookies are strictly necessary for our websites and applications to function. These cookies do not require consent.

Where required by applicable law, including PECR, we will obtain your consent before placing non-essential cookies on your device, including analytics or marketing cookies. You can manage or withdraw your cookie preferences through the cookie banner or preference centre available on our websites.

You can find more detailed information about the types of cookies we use, the purposes for which they are used, how long they remain on your device, and how to manage your preferences in our Cookie Policy. Cookies Policy page.

International transfers.

Whenever your personal data is transferred outside the UK, we ensure that an appropriate level of protection is maintained in accordance with applicable data protection laws.

Such transfers may occur where we use trusted third-party service providers (for example, cloud hosting, analytics, or business systems), which may store or process personal data in countries outside the UK, including the United States.

Whenever personal data is transferred internationally, we ensure that at least one of the following safeguards is in place:

The transfer is to a country that has been deemed to provide an adequate level of protection by the UK Government, the European Commission, or another applicable authority; or

Appropriate safeguards are implemented, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses (SCCs), EU Standard Contractual Clauses, or another lawful transfer mechanism; or

Another lawful exemption or transfer mechanism applies under applicable data protection law.

These measures are designed to ensure that your personal data receives an appropriate level of protection.

You can request further information about the relevant transfer safeguards by contacting us at [email protected].

Data security and sharing.

Amici has implemented appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, use, alteration, or disclosure.

These measures include, but are not limited to:

Access controls restricting data to authorised personnel on a need-to-know basis

Encryption of data where appropriate

Monitoring and logging of systems to detect and respond to security events

Secure system and network configurations

Staff training and confidentiality obligations

Access to personal data is limited to employees, agents, contractors, and other third parties who have a legitimate business need to know. These parties will only process personal data in accordance with our instructions and are subject to confidentiality and data protection obligations.

Where we share personal data with third parties, we ensure that appropriate safeguards are in place, including contractual protections such as data processing agreements, to ensure that personal data is handled securely and in compliance with applicable laws.

The categories of third parties with whom we may share personal data include cloud hosting providers, IT and security service providers, business system providers, analytics providers, professional advisers, recruitment providers, payment, finance or accounting providers, group companies, regulators, law enforcement authorities, and other parties where sharing is required by law, contract, or legitimate business need.

We have established procedures to manage suspected personal data breaches. Where a breach is identified, we will investigate, take appropriate remedial action, and notify affected individuals and relevant regulators where required by law.

Change of purpose

Amici will only use personal data for the purposes for which it was originally collected, unless we reasonably determine that a new purpose is compatible with the original purpose.

When assessing compatibility, we consider factors such as the relationship between the original and new purposes, the context in which the data was collected, and the reasonable expectations of the individual.

If we intend to use personal data for a purpose that is not compatible with the original purpose, we will notify you before doing so where required and explain the legal basis that permits such processing.

Any such changes in processing purpose are subject to appropriate internal review and approval in line with Amici’s data protection procedures.

Changes to this policy

Amici may update this Privacy Notice from time to time to reflect changes in legal requirements, regulatory guidance, or our data processing practices.

Any updates will be published on our website, and where appropriate, we will take reasonable steps to notify you of significant changes.

We encourage you to review this Privacy Notice periodically to stay informed about how we protect your personal data.

This Privacy Notice was last updated on 15 June 2026.

This Privacy Notice is reviewed regularly as part of Amici’s information security and data protection governance framework.

Governance

Amici has implemented policies, procedures, and controls to support compliance with applicable data protection and privacy legislation. These include processes for managing data subject rights requests, handling data protection complaints, responding to data security incidents and breaches, conducting supplier assurance, and completing Data Protection Impact Assessments where required.

Contact us.

Any comments, questions or suggestions about this privacy policy or our handling of your personal data should be emailed to [email protected].

Alternatively, you can contact us at our global HQ using the following postal address or telephone numbers:

Amici Procurement Solutions Ltd (trading as MyAmici)
3 Centura Court
Nasmyth Place
Hillington Park
Glasgow
UK G52 4PR

Telephone: +44 (0)141 810 2580

Our telephone switchboard is open 9:00 am – 5:00 pm GMT, Monday to Friday. Our switchboard team will take a message and ensure the appropriate person is informed.