CCTV privacy
Autolus Privacy Notice for EEA UK and Switzerland
Last updated: September 2025
Autolus Limited (“Autolus”) is strongly committed to protecting your privacy and will make efforts to protect your Personal Data as defined below in accordance with this Privacy Notice (“Notice”) which applies to the Personal Data that it collects and processes through the use of CCTV cameras.
Data Controllers
Autolus and/or its affiliates (the “Affiliates”) (hereinafter together referred to as “Autolus,” “we,” or “our”), will act as Data Controller and will process your Personal Data, as specified below, by determining purposes and means of its processing, as per the EU General Data Protection Regulation 2016/679 (“GDPR”), or as applicable, the UK GDPR or the Swiss Federal Act on Data Protection, and all applicable national laws.
Types of Personal Data
Autolus will process, both electronically and manually, the images captured by the CCTV cameras that may include images allowing to identify you (“Personal Data”).
Purposes of use of your Personal Data
Autolus shall collect and use your Personal Data submitted by you for the following purposes:
(i) To comply with regulatory surveillance requirements in the production and export of medical devices to investigate incidents and implement preventative and corrective action to reduce risks, including any required training;
(ii) For the safety, security and regulatory compliance of the manufacturing and export process of patient materials and treatments;
(iii) To prevent and identify the presence of criminal activity, and protect buildings and assets from unauthorised access, theft, damage, disruption, vandalism and other crime (including by employees and contractors);
(iv) For the personal health, safety and wellbeing of employees, visitors and other members of the public, and to act as a deterrent against crime;
(v) To support law enforcement bodies in the prevention, detection and prosecution of crime, including theft;
(vi) To assist in day-to-day management, including ensuring the health and safety of employees and others;
(vii) To assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings; and
(viii) To assist in the defence of any civil litigation, including employment tribunal proceedings.
Shall Autolus need to Process your Personal Data for any additional to the above-mentioned purposes Autolus shall request your permission to do so prior to such additional Processing.
Lawfulness of Processing
The legal grounds for processing your Personal Data for the above-mentioned purposes are the following:
(i) Compliance with an applicable law or regulation.
(ii) Autolus’ legitimate interests
With Whom Autolus Shares Your Personal Data
In order to carry out the aforementioned purposes your data may be transferred and disclosed to:
(1) Autolus' Affiliates worldwide (which may in turn transmit these data to other Autolus Affiliates),
(2) third - party service providers (acting as data processors) providing products and services related to Autolus' business operations and to the purposes specified above (e.g. an event management company),
(3) public authorities such as law enforcement bodies (including but not limited to the police) and other relevant regulatory authorities (including but not limited to the MHRA.
Autolus will require its Affiliates and the third parties to comply with applicable data protection laws or regulations and Autolus policies and procedures to protect the confidentiality and security of the Personal Data that is shared with them.
Some of Autolus' Affiliates and/or third – party service providers may be located in countries outside of the European Union and/or the European Economic Area (“EEA”) or UK or Switzerland, whose laws may not afford the same level of data protection as the one afforded inside the EU/EEA/Switzerland/UK. Where your Personal Data will be transferred to third countries, Autolus will ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such cross-border data transfers (by adopting standard contractual clauses and by implementing appropriate technical and organisational security measures to ensure the security of the processing).
Autolus will be asked to transfer some of your Personal Data, to authorities and other external governmental bodies, having the power to execute checks and investigations towards Autolus in fulfilment of legal obligations or regulations.
A full list of Autolus data processors and additional information regarding the cross-border safeguards Autolus has in place, is available upon request by email at [email protected].
How Autolus protects your Personal Data and how long Autolus retains your Personal Data
Autolus will take reasonable and appropriate physical, administrative and technical safeguards to protect the processing of your Personal Data from loss, misuse, unauthorised access, disclosure, alteration or destruction.
We will store your Personal Date for 60 days and will automatically delete it after 60 days unless retention is required for law enforcement purposes.
Your Rights and how to exercise them
You have the right to request to be informed about the Personal Data Autolus holds about you, access your Personal Data or ask Autolus to rectify, erase or block such Personal Data. You may also object to the use your Personal Data.
To exercise these rights, you can at any time contact us as indicated below.
In case your data protection related requests are not handled in a timely and appropriate manner you have the right to recourse to the competent data protection supervisory authority by lodging a relevant complaint. A list of the national data protection supervisory authorities in Europe can be found here: https://edpb.europa.eu/about-edpb/board/members_en.
How to Reach Us
If you have any questions about this Notice or have a request concerning the processing of your Personal Data or your rights, please contact our Data Privacy Officer by writing by post at Autolus The MediaWorks, 191 Wood Ln, London W12 7FP, United Kingdom, or by email at [email protected].
Full details of how we use your information are available in our Personal Data Policy (Concerning Protection/GDPR/Privacy) as accessible Autonet.