Stevenage Bioscience Catalyst* has responsibility under data protection law to provide individuals with information about how we process their personal data. In this policy we will provide you with information that is common to all our processing activities, as well as explaining what rights you have to control how we use your information and how to inform us about your wishes.
OUR COMMITMENT TO YOUR PRIVACY
In most instances when Stevenage Bioscience Catalyst collects personal data, we are the Data Controller. As Data Controller, we are responsible for ensuring our systems, processes, suppliers and people comply with data protection laws in relation to the information we handle.
All our people must abide by this policy when handling personal data and take part in any required data protection training.
When we need to let you know about additional privacy information not contained in this policy we will let you know at the point that we collect the relevant personal data from you, or within a reasonable period of obtaining your personal data if we get it from someone other than you.
Our Data Protection Principles
Stevenage Bioscience Catalyst takes your privacy very seriously and has therefore adopted the following principles to govern our use, collection and disclosure of your personal data.
Your personal data will:
• be processed fairly and lawfully and to the extent required under local law with valid and informed consent;
• be obtained for specific and lawful purposes;
• be kept accurate and up to date;
• be adequate, relevant and not excessive in relation to the purposes for which it is used;
• not be kept for longer than is necessary for the purposes for which it is used;
• be processed in accordance with the rights of individuals;
• be kept secure to prevent unauthorised processing and accidental loss, damage or destruction; and
• not be transferred to, or accessed from, another jurisdiction where these core principles cannot be met unless it is adequately protected.
LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
We are only allowed to use your personal data if we have a proper reason to do so.
Data protection law sets out a number of different reasons we may collect and process your personal data. The lawful basis will depend on the specific activity for which we are collecting your personal data, but will usually be one of the following:
• You have given us permission to do so: In specific situations, we can collect and process your data with your consent – e.g. when you sign up to receive email or postal communication from us. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with particular activities.
• We need to perform a contract for you: In some instances, we need to process your personal data to comply with our contractual obligations with you. For example, if you ask to attend an event and let us know about special dietary requirements, we need your contact details to update you about the event arrangements and to let you know of any changes, and we will also need to pass some of your personal data on to our caterer.
• We need to comply with a legal obligation: We may be legally bound to collect and process your data. For example, if someone is involved in any criminal activity or fraud affecting us, we need to pass details, which could include personal data, to law enforcement.
• It is in our legitimate interest: We require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your event attendance history to offer more personalised event offers. We can only use this lawful basis if our legitimate interests do not override your individual interests, rights and freedoms.
You have rights over your personal data. Under data protection law:
• we have to inform you about the collection and use of your personal data, including our purposes for processing your personal data, how long we will keep your data and who we will share your data with (known as the right to be informed);
• you can ask whether we are processing your personal data and if so, ask for a copy of your information (known as the right of access);
• you can ask for information to be corrected (known as the right to rectification);
• you can ask for information to be erased or deleted (known as the right of erasure);
• you can ask for us to limit or restrict processing (known as the right to restrict processing);
• you can ask us to send you a copy in a structured digital format or ask for us to send it to another party (known as the right to data portability);
• you can object to us processing your data, in particular where we use the data for direct marketing, including profiling for direct marketing purposes. The right to object does not apply if we must process the data to meet a contractual or legal requirement (known as the right to object);
• you have the right not to be subject to a potentially damaging decision being taken without human intervention (known as rights related to automated decision making and profiling).
Some rights, however, may be limited. We may be obliged by law or regulation to keep information. We must respect other people’s privacy as well, which means we may need to redact or remove information where it includes personal data about someone else, even if it is connected to your data. On occasion there may be a compelling legitimate interest to keep processing data.
If you want a copy of your data, to object to how we use your data, or ask us to delete it or restrict how we use it or, please see ‘Getting in touch’ below.
You also have a right to complain to an EU data protection authority. This can be where you live, work or where the matter occurred. In the UK, the authority is the Information Commissioner’s Office, please see ‘Contacting the regulator’ below
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We only keep your data for as long as is necessary for the purpose it was collected. After that period, your data is deleted or anonymised. We may also aggregate your personal data with other data to use for business planning and analysis.
WHO WILL WE SHARE YOUR DATA WITH?
At times we need to share your personal data with trusted third parties e.g. delivery couriers, IT companies, credit card processing services and so on. We only provide what they need and they cannot use your data for anything other than the purposes that they have your data for. Your data is deleted or rendered anonymous if we stop working with the third party.
Sharing your data with third parties for their own purposes
We will never sell or trade your contact details with any third parties without you giving us your express consent to do so e.g. if you ask to attend an event which is being run explicitly as a joint event with a third-party.
There are some instances where we may have to share your information based on our legal obligations, for instance:
• Legal, compliance, regulatory and investigative purposes, including for government agencies and law enforcement.
• When you exercise your rights under data protection legislation, including when you ask to subscribe or unsubscribe from our marketing communications.
WHERE DO WE STORE YOUR PERSONAL DATA?
Where practical, your personal data will be stored within the European Economic Area (the EU plus Iceland, Lichtenstein and Norway) (EEA). This includes data stored in physical format at our sites and in digital format in our own and our service providers systems.
Sometimes we may need to send or store your data outside of the EEA. For example, to follow your instructions, to comply with a legal duty or to work with or receive services from our service providers who we use to support the operation of our business. If we do transfer information outside of the EEA, we will make sure that it is protected by using one of these safeguards:
• Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Some non-EEA countries have been deemed to give adequate protection by the EU.
• Put in place a contract with the recipient that means they must protect it to the same standards as the EEA or use other mechanisms and measures to achieve adequate protection. We also may use the Standard Contractual Clauses published by the EU.
• Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.
• Binding corporate rules. These are internal rules adopted by group companies to allow international transfers of personal data to entities within the same corporate group located in countries which do not provide an adequate level of protection.
COOKIES AND SIMILAR TECHNOLOGY
GETTING IN TOUCH
Our Company Secretary is responsible for overseeing and monitoring our compliance with data protection laws and this policy.
If you want to make a request in line with your rights, you have any concerns regarding the way in which we are processing your personal data, or you just have a question relating to our processing of your personal data, please contact us by email at firstname.lastname@example.org or write to us at: Stevenage Bioscience Catalyst, Gunnels Wood Road, Stevenage, Herts, SG1 2FX, UK.
CONTACTING THE REGULATOR
If you are unsatisfied with the way in which we process your personal data, we ask that you let us know so that we can try to put things right. If we are not able to resolve issues to your satisfaction, you can refer the matter to the Information Commissioner’s Office by calling 0303 123 1113 or going online to www.ico.org.uk/concerns.
*‘Stevenage Bioscience Catalyst’ is used throughout our privacy communications to refer to Stevenage Bioscience Catalyst (registered number 07196230) whose registered office is at Gunnels Wood Road, Stevenage, Hertfordshire, SG1 2FX, UK. For simplicity throughout our privacy communications, ‘Stevenage Bioscience Catalyst’, ‘we’ and ‘us’ means Stevenage Bioscience Catalyst.
What Are Cookies
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.
The Cookies We Set
Site preferences cookies
In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Third Party Cookies
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.For more information on Google Analytics cookies, see the official Google Analytics page.
Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you.
From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
As we sell products it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.For more information on Google AdSense see the official Google AdSense privacy FAQ.
Several partners advertise on our behalf and affiliate tracking cookies simply allow us to see if our customers have come to the site through one of our partner sites so that we can credit them appropriately and where applicable allow our affiliate partners to provide any bonus that they may provide you for making a purchase.
We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Linkedin, Twitter, Instagram and WhatsApp, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. This Cookies Policy was created with the help of the Generator of GDPR Cookies Policy.
However if you are still looking for more information then you can contact us through one of our preferred contact methods: