Shionogi B.V. (“Shionogi”) is the European Headquarters of Shionogi & Co., Ltd. - a 140 year old global research-driven pharmaceutical company, headquartered in Osaka, Japan.


Your trust is important to us and Shionogi is committed to protecting your personal data. This privacy notice describes how we collect, use and protect personal information we collect about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) and other ancillary data protection laws. It applies to all current and former employees, workers and contractors as well as job applicants.  This notice does not form part of any contract of employment or other contract for services. We may update this notice at any time and an updated copy will be made available to you.


Further details, including details of your rights in respect of your personal data, are set out in our Privacy Policy on our website at The key points are summarised below.

Name of data controller

Shionogi B.V.

Our contact details

Registered office: Herengracht 464, 1017 CA, Amsterdam, Netherlands


Phone: +44 (0)20 3053 4200


Categories of personal data we hold about you

1.General categories of personal data


Identity and contact data: such as full name, title, addresses, phone numbers, personal email address, DOB, gender, social security or national insurance number, citizenship, marital or civil partnership status, domestic partners, dependants, next of kin and emergency contact information, doctor’s details, copy of driver’s licence and passport.


Professional qualifications: such as education history, professional qualifications and certifications, special skills (e.g. drivers licence), language skills, publications, awards, professional memberships of committees and affiliations.


Recruitment data: such as right to work documentation, references, interview notes, selection and verification records, compensation history, other information included in a CV or cover letter as part of job application process.


Remuneration and benefits data: such as payments and benefits information (including base salary, bonus, long term incentives, annual leave entitlements, pension contributions, car allowance, share options, salary reviews).


Employment/Engagement records: such as terms and conditions of your employment or engagement, job titles, job function details, work history, primary work location, working hours, photograph, holiday and family-related leave records, retirement eligibility, training records and development needs, performance management data (e.g. if you are an employee: feedback, appraisals, outputs from talent programs, formal and informal performance management processes, disciplinary and grievance information).


Start and termination data: such as start date (and, if different, the date of your continuous employment); resignation / termination data (including leave date, reasons for leaving, termination agreements and payments, exit interview records, references).


Financial data: such as bank account details, payroll records and tax status information.


Technical data: such as details about your use of our information and communications systems (e.g. laptop, phone) and digital platforms (e.g. access control details and passwords, IP address, website pages visited), swipe card records.


2.      Special categories of personal data


Health data: such as information about any medical condition or allergy (including details of any medication you take), disability status, health and sickness records (including where you leave employment for reasons relating to your health, injury or disability, and information about that condition needed for pensions and permanent health insurance purposes); details of absences (other than holidays), including time on statutory paternal leave and sick leave; and we record sick days and reasons, or workplace amendments due to health reasons.


Ethnicity and other equality and inclusion information.

Our sources of personal data

During the job application and recruitment process, we collect your personal data directly from you or sometimes from an employment agency, former employer, background check agency or credit reference agency. Additional personal data will be collected in the course of job-related activities during the period you work for us from you, or from others authorised by you (such as family members notifying us of any absence), or from government bodies (such as tax authorities).

Purposes for which we will process your personal data

·Determining the terms on which you work for us and administering our contract.


·Deciding on your continued employment or engagement.


·Making arrangements for the termination of our working relationship.


·Paying you and, if you are an employee for tax purposes, deducting tax and NICs.


·Providing benefits to you and liaising with relevant insurance, pension, health and other benefit providers.


·Managing personnel (e.g. managing performance; assessing development and training requirements; determining promotions, salary and compensation; ensuring health and safety in workplace; assessing fitness to work; providing workplace adjustments; monitoring and managing sickness absences; gathering evidence for possible grievances, disciplinary hearings, disputes and litigation involving you).


·Complying with applicable laws and regulations (e.g. pensions automatic enrolment; statutory maternity/parental leave; statutory sick leave; working time; health and safety; equal opportunities).


·Complying with requests from regulators, courts, law enforcement authorities, data protection supervisory authorities, government investigators.


·To prevent fraud and investigate other issues of potential misconduct.


·For business management and planning, including accounting and auditing.


·Administering and operating our policies and procedures and internal HR systems (including monitoring the use of our information and communication systems to ensure compliance and investigating data breaches and breaches of security).

Legal basis for processing your personal data

The legal basis for the collection and processing of your personal data is:


·for administration related purposes: that it is necessary to fulfil the contract that you are going to enter into, or have entered into, with us or that you have given your consent.


·for tax and health and safety and other regulatory purposes: that it is necessary for compliance with our legal obligations.


·for dealing with health or medical needs:  that it is in your vital interests (or the vital interests of others), you have given your explicit consent or that it is necessary for the purposes of preventative or occupation medicine or assessment of your working capacity, medical diagnosis or the provision of health care.


· for equality and inclusion:  that you have given your explicit consent or that it is necessary for us to comply with employment obligations or rights.


·in the event of any legal action (or potential legal action): that it is necessary for the establishment, exercise or defence of legal claims.


·in all other cases: that it is necessary for our legitimate interests which are to ensure a safe, productive and happy workforce and this does not prejudice or harm your rights and freedoms.

Automated decisions


Who we may share your personal data with

For the purposes set out above, we may share your personal data with:


·Shionogi group companies in other parts of the world.


·certain third party service providers (e.g. benefits administration providers, pensions administration providers, share plan and pension fund providers, insurers, company doctors, financial institutions for company credit cards, expense processing providers, immigration service providers, and professional advisors such as lawyers, accountants, tax advisors, auditors).


·regulatory bodies, tax authorities, data protection supervisory authorities, law enforcement bodies, government authorities, courts, tribunals, arbitrators.


·third parties in relation to our business sale or reorganisation.


·any other person with your consent.

Location of your personal data

Shionogi will normally keep your personal data within the UK or the EU. If we transfer your personal data to our Shionogi group companies or third party providers outside the EEA, we will take appropriate measures to protect it and comply with law.

How long we will keep your personal data

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for satisfying any legal, accounting or reporting requirements. Personnel files are normally retained for 6 years after employment ceases, but most other information is kept for a shorter period (e.g. job application forms, interview notes and data relating to rejected applicants will be kept for no longer than a year).  However, some laws require us to keep certain types of information for longer, such as tax information which we must keep for 7 years after employment ceases and medical records which are kept for up to 40 years.

Your rights in respect of your personal data

You have the right to access your personal data and, in some cases, to require us to restrict, erase or rectify it or to object to our processing it, and the right of data portability. To exercise your rights, see the “How to contact us” section below. For more detail see our Privacy Policy at

Your right to withdraw consent

In the limited circumstances where you have given your consent to us processing your personal data for a specific purpose, you can withdraw it for that specific processing at any time by contacting our Data Protection Lead (details below). If you do withdraw your consent, it will not affect the lawfulness of any processing for which we had consent prior to you withdrawing it.

Complaints and How to Contact Us

If you are concerned about how we are handling your personal data, have questions, or want to exercise your privacy rights, please email our Data Protection Lead at or contact the People Team in the first instance. 


You can also make a complaint to the relevant Data Protection Authority for your country.