Privacy Policy

Privacy & Cookie Policy (Website) is brought to you by Summit Therapeutics PLC, a company incorporated and registered in England and Wales under company number 05197494 whose registered office address is at 136a Eastern Avenue, Milton Park, Abingdon, Oxfordshire, United Kingdom OX14 4SB.

Why you should read this policy

We take the privacy of our customers and visitors to the Website (you) very seriously. Please read this privacy & cookie policy (Policy) carefully as it contains important information about how your personal data will be used. If you are an employee or contractor of Summit Therapeutics PLC, please refer to your contract for further information on how we collect, process and store your personal information.

For the purposes of the General Data Protection Regulation and all other relevant legislation, Summit Therapeutics PLC (‘we’ or ‘us’) is the ‘data controller’ (i.e. the company who is responsible for, and controls the processing of, your personal data).

Registration Number: ZA066410

Personal data we may collect about you / Information that you provide

Personal information about you (such as your name, email address, phone number) may be obtained when you contact us for any reason and by any medium. We may ask you to provide sensitive personal data from time to time. If such data is requested, you will be given additional information as to why the sensitive personal data is being requested and how it will be used.

We may retain a record of any contact you make with us.

Personal Information about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

  • give consent on his/her behalf to the processing of his/her data;
  • receive on his/her behalf any data protection notices; and
  • give consent to any transfer of his/her data.


Information from third parties

Occasionally we may receive information about you from other sources, which will be added to the information already held about you in order for us to help supply our services to you.

Information that will be collected automatically

Cookies: We may monitor your use of the Website through the use of cookies and similar tracking devices. For example, we may monitor how many times you use the Website, which pages you go to and traffic data. This information helps to build a profile of users to the Website. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. For further information on the use of cookies on the Website, please see the sections on cookies below.

Device information: We may also collect information about your device each time you use the Website. For example, we may collect information on the type of mobile device that you are using and its unique device identifier (for example, the IMEI number, the device’s mobile phone number, or the MAC address of the device’s wireless network interface), the type of mobile browser that you are using, the mobile operating system that you are using, mobile network information and the time zone setting.

How your personal data will be used

We will use your personal data for the following purposes:
to help identify you and address any enquiries you have with us;

    • marketing—see ‘Marketing’, below;
    • fraud prevention and detection;
    • billing and service fulfilment;
    • reviewing your application for employment if this is what your enquiry concerns; and
    • to notify you of any changes to the Website or to our services that may affect you.


What is our lawful basis or ground for using your personal data?

Under laws that are designed to protect your personal data, we need to have what is called a lawful basis or ground each time we use, share or otherwise process your personal data.
By reading and agreeing to this Privacy and Cookie Policy, you are consenting to us processing your personal data as detailed within this Policy.

We may also need to process your personal data to comply with any legal obligations which may be applicable. Likewise, we may process your personal data where this is in the public interest or it is to protect your vital interests, but this will only be in very rare circumstances.

In most cases, our processing of your personal data is necessary for the performance of our services to you.

Certain uses of your personal data, or other processing activities, may be necessary for the purposes of our legitimate interests or the legitimate interests of a third party. They may also be in your interests. When we say ‘legitimate interests’, we mean our (or a third party’s) interests in enabling us to provide our services to you as efficiently and securely as possible. For example, we may choose to use a third party to store any personal data provided; we may do this in part because our use of that service means that your personal data is more secure.


If you have provided your consent to receive news updates from us, we may contact you by mail, telephone or email about news and updates regarding Summit Therapeutics PLC that may be of interest to you.

Third Party Websites

The Website may contain links to other websites or apps which we or our partners own, or websites or apps of our partners or third parties. Please note that if you follow any of these links, the websites, apps and services provided through them will have their own privacy policies/terms of use. We do not accept any responsibility or liability for their respective privacy policies/terms of use or the collection and use of any personal data collected through these websites, apps or services. Please ensure that you review the relevant privacy policies/terms of use prior to providing any personal data to, or using these websites, apps and services.

Disclosure of your personal data

We may disclose your personal data to:

        • other companies that become partners or part of a group with Summit Therapeutics PLC;
        • a third party who acquires Summit Therapeutics PLC or acquires substantially all of its assets, in which case the personal data shall be one of the acquired assets;
        • our agents and service providers;
        • law enforcement and regulatory agencies in connection with any investigation to help prevent unlawful activity or as otherwise required by applicable law.


    Keeping your data secure

    We will use technical and organisational measures to safeguard your personal data, for example we will store your personal data on secure servers.
    While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.

    Transfers of data outside the EEA

    Summit Therapeutics is an international company with offices based in the European Union and United States.  In order to provide the services that we offer, Summit may need to transfer parts of your personal information to locations outside the jurisdiction in which you provide it, or where you are viewing this website for the purposes set out in this Privacy Policy.  This may entail a transfer of your information from a location within the European Economic Area (the “EEA”) to outside the EEA.

    The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, Summit will endeavour to implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws.  EU standard contractual clauses are in place between Summit Therapeutic entities that share and process personal data.  Summit will review the processors that we utilise and ensure that there are adequate safeguards in place to protect your personal data, such as adherence to binding corporate rules, standard contractual clauses, or compliance with the EU-US Privacy Shield Framework.

    What you can do to keep your information safe

    If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit Get Safe Online is supported by HM Government and leading businesses in the UK.


    We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of general compliance, training and fraud prevention.

    Your Rights

    We will collect and store information about you, as detailed above. You will be provided with opportunities to consent to this Privacy and Cookie Policy and marketing when you provide your personal details to us.

    You can change your mind, remove or add your consent at any time.
    You have the right of access to your personal records or other information that we hold about you. There is no administrative charge for this service.

            • You have the right to rectify any errors in the data we hold about you.
            • You have the right to have the data we hold about you erased.
            • If you wish us to continue to store your information but wish us to keep your data separate and not process it in any way, please let us know.
            • You have the right to ask us to stop processing your personal data for direct marketing purposes. You may also specify that you object to direct marketing by particular channels such as by email or telephone. If this is the case, please specify the channels you are objecting to in your communications with us.
            • You have the right to data portability. If you wish to obtain your data for your own purposes across different services, please use the contact details below.

    To revise your consent, access, amend or remove your records or assert any of your rights set out above, you should send your request by email to us at or via post using the address at the beginning of this policy.

    These rights may not apply in all situations or in relation to all types of processing.
    You will need to provide proof of identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill); and specify the personal data you want access to, amended or removed.

    How long we will store your data

    We will store your data for as long as necessary for the purpose of processing. The data may be deleted in the following circumstances for example:

            • You have withdrawn your consent to data processing;
            • The original purpose for processing the data is no longer relevant or cannot be performed anymore; or
            • The data is no longer up to date or accurate.



    If you are aged 16 or under, please get your parent or guardian’s permission before you provide any personal information to us.
    To ensure the privacy and safety of children, Summit Therapeutics PLC will not knowingly collect this data on children without the consent of the parent or guardian.

    Use of cookies

    A cookie is a small text file which is placed onto your mobile (or other electronic device) when you access the Website. We use cookies and other online tracking devices on the Website to:

            • recognise you whenever you visit the Website;
            • obtain information about your preferences when visiting our Website;
            • carry out research and statistical analysis to help improve the Website content and services and to help us better understand our visitor and customer requirements and interests; and
            • make your online experience more efficient and enjoyable.

    The information we obtain from the use of cookies will not usually contain your personal data. Although we may obtain information about your device such as your IP address, your browser and/or other internet log information, this will not usually identify you personally. In certain circumstances we may collect personal information about you—but only where you voluntarily provide it (e.g. by completing an online form).

    In most cases we will need your consent in order to use cookies on this Website. The exception is where the cookie is essential in order for us to provide you with a service you have requested.

    Consent (notification on home page)

    There is a notice on the Website home page which describes how cookies are used and which also provides a link to this Policy. You will be presented with an option to accept the terms of this Privacy and Cookie Policy. If you use this Website after this notification has been displayed to you, you warrant that you have consented to the use of cookies for the purposes described in this Website privacy policy. Please see the below section on how to turn off cookies.

    Third party cookies

    We work with third-party suppliers who may also set cookies on the Website. These third-party suppliers are responsible for the cookies they set on our Website. If you want further information, please go to the website for the relevant third party. You will find additional information in the table below.

    Description of cookies

    The table below is designed to provide more information about the cookies we use and why:

    Cookie Name Cookie Description
    _ga This cookie is used to distinguish users who visit the website.

    Source: Google Inc.

    Duration: 2 years

    _gid This cookie is used to distinguish users who visit the website.

    Source: Google Inc.

    Duration: 24 hours

    _gat This cookie is used to distinguish users who visit the website.

    Source: Google Inc.

    Duration: Until end of session

    How to turn off cookies

    If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of the Website. For further information about cookies and how to disable them please go to: or

    Our contact details

    We welcome your feedback and questions. If you wish to contact us in relation to this policy, please send us an email to or contact us via our Contact page ( ).

    Changes to this privacy policy

    We may change this Policy from time to time. You should check this policy frequently to ensure you are aware of the most recent version that will apply each time you use the Website.
    Last updated: July 2019.

    Data Protection Supervisory Authority

    The Data Protection Supervisory Authority will be the Data Protection Supervisory Authority that is local to you in your country as the data subject. In the United Kingdom, the authority is the Information Commissioner’s Office. In the United States, there is no national authority as of the date of this privacy policy but the Federal Trade Commission has the authority to issue and enforce privacy regulations in specific areas.