1. Introduction and objectives

This privacy policy has been prepared by DNASTREAM Limited, a company registered in England and Wales under company number 5887312 with registered address at Surrey Technology Centre, 40 Occam Road, The Surrey Research Park, Guildford, Surrey, GU2 7YG, United Kingdom (referred to as “DNASTREAM”, “we”, “us” or “our”).

 

DNASTREAM takes your privacy extremely seriously and we want you to be confident that any information you provide to us, or that we collect about you, when using our public websites, web-based applications or Apps (collectively “online services”) or when you communicate with us or that we collect by other means is treated in a secure manner..

 

This privacy policy is effective from 12th May 2023 and explains how and why we may collect your personal information, how we use it, your rights and choices when it comes to these details, and the steps we take to keep it secure and confidential. DNASTREAM is the controller and processor of your personal information.

​

Please read this privacy policy carefully as once you use our online services you will be deemed to have read and accepted it. This privacy policy forms part of the conditions of use for our online services.

​

2. Scope of this privacy policy

This privacy policy covers our information practices, including how we collect, use, share and protect the personal information you provide to us through our online services or by other means. By accessing our online services, you are agreeing with this privacy policy. If you do not agree with this privacy policy, you must not access our online services.

​

For your convenience and information, our online services may provide links to, or may integrate with, websites, web-based applications or Apps provided by third parties (each a “third-party service”). If you access, interact with or share information via any third-party service from our online services, you will be using or will be directed to the respective third party’s service. We do not control these third-party services, or the privacy practices of the respective provider, and we do not endorse or make any representations about or accept any responsibility for these third-party services or the privacy practices of the respective provider. The personal information you choose to provide to, or that is collected by, any third-party service including any social media websites featured on our online services, is not covered by this privacy policy. We recommend that you to review the terms of use and privacy policy of any third-party service before using it submitting your personal information to it.

​​

We may modify or update this privacy policy from time to time. If we change this privacy policy, we will publish it on our online services. Where we reasonably consider that any changes will have a fundamental impact on the nature of the processing of your personal information or will otherwise have a substantial impact on you, we will give you reasonable notice so that you can exercise any rights you may have (e.g. to object to the processing) by posting a notice of such changes on our website and also by notifying you directly via email (if we hold this information about you).

​

3. How we collect your personal information

These are the main ways we collect your personal information through our online services:

1. if you use our online services to register for events, subscribe to our newsletters or request information about us or our products or services; or

2. if search for or access any content or use any features of our products or services.

​​

We may also collect your personal information by other means, which include:

1. if you enquire about or purchase any of our products or services; or

2. if you reply to our marketing campaigns (e.g., by filling out a response form); or

3. if your personal information is shared with us by our business partners, service providers or other third parties, where you have provided your consent; or

4. from other public sources, such as social media platforms, where you have provided your personal information; or

5. if you interact with us in writing, by email, by other means of electronic communication or by telephone.

 

You may engage with us via features of our online services that are provided by or integrate with social media platforms. When you engage with us through social media platforms, you may allow us to have access to certain information from your social media profile based upon your privacy preference settings on such platforms. We recommend that you review the settings of your social media profile on the social media platforms that you use, to ensure that you understand what information may be collected about you.

​​

If you provide information to us on behalf of someone else, you must ensure that you have that person’s permission and that they have been given this privacy policy beforehand.

​

Our online services have been created for business purposes and are not intended for use by children. We do not knowingly collect any personal information about children.

​

Please help us to keep your personal information up to date by informing us of any changes to your personal information or privacy preferences. You may do this either by using the features available on our online services or by contacting us using the details provided in this privacy policy.

​

4. What personal information we may collect

We may collect the following types of personal information about you, as relevant to the circumstances:

1. identity data including your name, date of birth, gender, marital status, employer's name and job title; and

2. contact data including your home address, employer's address, correspondence address, email addresses and telephone numbers; and

3. topics of interest you may express regarding our products and services; and

4. how you use our online services, including information collected through cookies or other tracking technology (please refer to the section ‘Cookies and other technologies’ in this privacy policy); and

5. whether you open or forward our communications; and

6. information relating to your purchases of our products or services, including the necessary information for us to bill you for their usage such as billing address; and

7. information relating to your use of our products or services, including date and time of access and which pages or features you access; and

8. the IP address from which you access our online services and information about your web browser and operating system; and

9. if you are a previous, current or prospective customer, information relating to your business relationship with us that is necessary for us to administer this relationship including information provided by credit reference agencies (e.g., credit rating); and

10. if you are a previous, current or prospective employee, contractor or business partner , information relating to your actual or prospective employment or business relationship with us that is necessary for us to administer this relationship including, as relevant, your identification documents (e.g., passport, driving license, utility bills), proof of your right to work in the UK, employment history, evidence of skills and qualifications, bank account details, information provided by background checking/vetting agencies (e.g., criminal convictions) and disciplinary record.

​

We do not collect sensitive data about you without your express consent and then only in accordance with applicable data protection laws. The term “sensitive data" refers to the various categories of personal information identified by applicable data protection laws as requiring special treatment such as racial or ethnic origin, political opinions, biometric and genetic data, criminal records, religious beliefs and physical or mental health data.

​

5. How we use your personal information

The personal information we collect may be used to:

1. manage and administer events that you have registered for, and to follow up on events that you have attended or registered for but not attended; and/or

2. publicise future events that we believe you may find of legitimate business interest based on your registration for previous events or the topics of interest you have expressed; and/or

3. issue newsletters or other similar communications that you have subscribed to; and/or

4. provide information about our products or services as requested by you, or relevant to the topics of interest you have expressed; and/or

5. assess the performance of our online services and analyse how they are used to help us make improvements; and/or

6. maintain leads in our sales processes and run marketing or promotional campaigns to create awareness of our brand, products and services; and/or

7. process requests to purchase any of our products or services; and/or

8. provide access to our online services (where relevant) and enable your effective use of the features of these online services; and/or

9. administer our relationship with you as a customer including general communications, account management, product or service delivery, support, contract management, credit management, billing and accounts receivable; and/or

10. administer our relationship with you as a contractor or business partner including general communications, account management, contract management, assignment management, invoice management and financial accounts; and/or

11. administer our recruitment processes including general communications, applicant management, screening, assessments and interviews; and/or

12. administer our relationship with you as an employee including contracts of employment, general staff management, staff communications, matters relating to tax and national insurance, management of sickness and absence, management of staff assignments and disciplinary matters; and/or

13. manage our contractual obligations and enforce our contractual and legal rights.

​​

Your personal information may be used for other purposes for which you give your consent or, in limited circumstances, when required by law or where permitted under the applicable data protection laws.

​​

The use of your personal information set out above is permitted under applicable data protection laws based on these principal legal grounds:

1. where you have consented to its use for the purposes we have stated (in which case you will have been presented with a consent form or some other method to give your consent in relation to such use), which you may withdraw at any time by using the features available on our online services or by contacting us using the details provided in this privacy policy; and/or

2. where it is necessary for us to enter into a relationship with you or perform our contractual obligations with you; and/or

3. where we need to use it to comply with our legal obligations; and/or

4. where we use it to achieve a legitimate business interest and our reasons for using it outweigh any prejudice to your data protection rights (our legitimate interests include performing our business activities, promoting our business and tailoring news or offers to your profile, research and development of products or services, providing you with products or services and managing our relationship with you).

 

6. How we keep your personal information safe

We use technical and organisational security measures including authentication tools to protect your personal information against unauthorised access, loss, manipulation or destruction.

​​

Although data transmission over the Internet cannot be guaranteed to be secure, we and our business partners maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements. Our main security measures, as applicable in the circumstances, include:

1. tightly restricted access to your personal information on a ‘need to know’ basis and for the communicated purposes only; and

2. use of encryption or password-protection when sharing personal information with other parties; and

3. use of encryption (in transit and at rest) for our IT systems as far as is possible within the capabilities of the respective system; and

4. use of individual, password-protected user accounts for our IT systems with, where possible, multi-factor authentication and assigned permissions to ensure access is only permitted to specific information according to the job role of the user; and

5. provision of facilities to set up individual, password-protected user accounts for users of our products with assigned permissions to ensure access is only permitted to specific features of the respective product and/or data relating to that user’s assigned role; and

6. use of firewalls for our IT systems to prohibit unauthorised access; and

7. storage of physically recorded information (i.e., paper documents) in a secured office location; and

8. enforcement of strict company policies relating to information security, control of access to our IT systems and the permitted uses of our IT systems, our other IT assets and our products, which form part of our employee handbook and the contractual obligations of our contractors and business partners; and

9. use of binding contracts with our customers regarding the permitted uses of our products.

​

Where any portion of our online services is provided by a third party, including but not limited to social media platforms or web-based applications, the respective third-party provider is responsible for any security measures it uses on its platform to protect your personal information against unauthorised access, loss, manipulation or destruction. Our online services will comply with the policies set out by the respective third-party provider to provide the features available via our online services however, we have no control over the security measures adopted by such third-party providers.

​

7. How long we keep your personal information

We retain your personal information only for as long as is necessary and only for the purposes for which it has been collected. Our retention periods are based on our legitimate business needs or our legal obligations, and once no longer needed your personal information is either irreversibly anonymised or securely destroyed. The retention period applicable to your personal information will be determined according to its use, as follows:

1. use for marketing purposes: we retain your personal information for as long as is necessary and in accordance with your privacy preferences, but only for the purposes for which it was collected – for example, if you have expressed an interest about our products or services we will retain your personal information for the purposes of marketing such products or services unless you update your privacy preferences to withdraw your consent; or

2. use for performing a contract: we retain your personal information for the duration of the contract and for a period of six years after the contract expiration or termination date to deal with queries or claims thereafter, or for such longer period as required in law; or

3. use for managing a business relationship or partnership: we retain your personal information for the duration of the relationship or partnership and for a period of up to six years thereafter; or

4. where claims are contemplated: in relation to any personal information where we reasonably believe it will be necessary to defend or prosecute or make a claim, we may retain that information for a long as that claim could be pursued.

​

8. Who we share your personal information with

The personal information that we collect about you may be shared with other parties on our behalf, with your consent where necessary. We will not sell your personal information.

​​

The types of parties we may transfer your personal information to are as follows:

1. business partners and contractors that work with us or on our behalf to provide or support our online services, products or services, or support us in our business activities; or

2. event companies that run or manage events on our behalf; or

3. IT services, technology or application providers that provide us with the applications, systems, products or services we use to operate or support our business activities; or

4. credit reference and background checking agencies; or

5. law firms and other professional advisors that provide advice to us.

​​

Where we share your personal information, this is done in a secure manner. When we share this information with other parties, we ensure that the other parties are required to use it only for the purpose for which it was collected and require such parties to enter into a binding confidentiality and/or contractual agreement with us.

​​

We may also share your personal information without your consent if it is in relation to a legitimate business interest or where we have a contractual or legal obligation to do so, such as:

1. when required by law to share information with statutory authorities, government institutions or other authorised bodies; or

2. when required to use the information to respond to a summons, court order or other legal process, or to establish or exercise our legal rights or defend against claims; or

3. where we believe it is necessary to investigate, prevent or take actions against any illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law; or

4. where we believe it is necessary to protect or enforce our rights, usage terms, intellectual or physical property or for our safety or that our customers, business partners, contractors or other associated parties; or

5. in the event DNASTREAM is acquired by or merged with another company or acquires another company or undergoes a reorganisation.

​​

While performing our business activities, your personal information may be accessed by our staff, agents or contractors from a country outside of the United Kingdom and European Economic Area (EEA) for any of the purposes set out in this privacy policy. These countries may have in place data protection laws that may be of a lower standard than in the United Kingdom and EEA.

 

We will take reasonable steps to ensure that any of your personal information that is accessible outside of the United Kingdom and EEA is handled subject to appropriate safeguards, which will include either asking for your consent to transfer the data or transferring it subject to approved standard contractual clauses that impose equivalent data protection obligations to those in force in the United Kingdom directly on the recipient, unless we are permitted under applicable data protection laws to make such transfers without such formalities..

​

9. Cookies and other technologies

What is a cookie?

A cookie is a small text file that stores Internet settings. Almost every website uses cookie technology. The cookie is downloaded by your web browser the first time you visit a website. The next time you visit that website from the same web browser and the same device, the cookie and the information in it are either sent back to the originating website (first-party cookies) or to another website to which it belongs (third-party cookies). By that process, the website can detect that it has already been opened using this web browser on this device and, in some cases, it will then vary the content it shows.

 

Our online services may use cookies for many important reasons, such as:

1. providing you with a superior user experience and improving the experience when you return to the website using the same device and the same web browser as before, such as remembering your preferences and adapting the content that is shown to be relevant to your personal interests; and/or

2. to identify you as a registered member of our online services; and/or

3. to monitor and analyse the performance, operation and effectiveness of our online services and the underlying platforms that provide our online services; and/or

4. to ensure our online services and the underlying platforms are secure and safe to use.

 

Use of cookies on our online services

Our online services accessed via a web browser may use cookies of different types.

​

Strictly necessary cookies: these enable features without which you would not be able to use our online services as intended. These cookies are used exclusively by us and are therefore known as first-party cookies. They are only saved on your computer while you are actually using our online services. Strictly necessary cookies do not require approval and cannot be disabled using the features of our online services.

 

Performance cookies: these gather information about how a feature of our online services is used for example, which pages a visitor opens most often, and whether the user receives error messages from some pages. These cookies do not save information that would allow the user to be identified. The collected information is aggregated and therefore anonymous. These cookies are used exclusively to improve the performance of our online services and with it the user experience.

Functional cookies: these enable our online services to save information which has already been entered (such as usernames and language choices), so that it can offer you improved and more personalised functions. For example, our online services can offer content in your local language if it uses a cookie to remember your preferred language. These cookies collect anonymous information and cannot track your movements on other websites.

​

Marketing cookies: these are used to deliver adverts and other communications more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns. They remember whether you have visited our online services or not, and this information can be shared with other organisations such as advertisers (this includes advertising technologies on websites such as Facebook, LinkedIn and Twitter). Cookies for improving group targeting and advertising will often be linked to site functionality provided by other organisations.

 

You will be notified of the use of cookies on your first visit to each of our online services and given advice about how to change your preferences (and our online services may attempt to set a cookie to record your preference for future visits). Your web browser may be set to automatically accept cookies, but you may change these settings to decline all cookies if you prefer. You can manage cookies through your web browser settings. The 'Help' feature on most web browsers will tell you how to prevent your web browser from accepting new cookies, how to have the web browser notify you when you receive a new cookie, how to disable cookies, and when cookies will expire.

 

If you set your web browser to decline all cookies or certain cookies, our online services may not function correctly, and you may not be able to use all the features of our online services.

​

We may also use web beacons or tracking pixels in our emails and on web pages that help us to monitor whether you have opened any newsletters or other communications we may have sent to you. A web beacon is one of various techniques used on web pages or email to unobtrusively (usually invisibly) allow checking that a user has accessed some content. Common uses are email tracking and page tagging for web analytics and marketing analytics. We may use this information in conjunction with the topics of interest you have expressed, to deliver you a personalised experience by ensuring we send you information that we believe you will find interesting, based on the content we know you have engaged with previously.

 

Our online services may include functionality to interact with social media websites where you may have accounts, such as Facebook, Twitter and LinkedIn. You should be aware that these social media websites may set cookies while you are using them and use of these features may result in the collection or sharing of information about you.

 

We may disclose aggregated information about your use of our online services to our social media, advertising or analytics partners who may combine it with other information that they hold. We will not disclose information to such parties that identifies you or that contains your personal information.

 

Our online services use the following cookies, depending on the circumstances:

​

• AWSELBCORS – a third-party cookie used for distributing website traffic between servers to optimise response times, which expires after 1 hour

• aseurl – a first-party cookie to set the base URL for the current session, which expires at the end of the session

• cookies – a first-party cookie that defines the current scope or accepted cookies, which expires at the end of the session

• hs – a first-party cookie used for security purposes, which expires at the end of the session

• JSESSIONID – a first-party cookie used to track a session across website pages, which expires at the end of the session

• logout – a first-party cookie that sets the logout path for the current session, which expires at the end of the session

• smSession – a first-party cookie used to identify logged-in site members, which expires after 2 days or 2 weeks

• ssr-caching – a first-party cookie used indicate how the site was rendered, which expires at the end of the session

• svSession – a first-party cookie used to identify unique visitors and track sessions, which expires after 2 years

• whose_is_this – a first-party cookies that identifies the type of currently logged-in user for session navigation purposes, which expires at the end of the session

• XSRF-TOKEN – a first-party cookie used for security purposes, which expires at the end of the session

• _ga – a third-party cookie used to register a unique ID that is used to generate statistical data on how a visitor uses the website, which expires after 2 years

• _gat – a third-party cookie used by Google Analytics to throttle the request rate, which expires after 1 day

• _gid – a third-party cookie used to register a unique ID that is used to generate statistical data on how a visitor uses the website, which expires after 1 day

​

10. Your rights and how to change your privacy preferences

You can make individual changes to your privacy preferences using the features included on our online services, where available. You may also use the ‘unsubscribe’ features included in our marketing communications and e-newsletters to stop receiving these communications.

​

You can also contact us using the details provided in this privacy policy to change your privacy preferences, withdraw your consent in relation to how we use your personal information, or request information about the personal information we hold about you as well as requesting the correction, deletion or restriction of your personal data for analytics and/or marketing use.

​

Subject to certain conditions you have the right to require us to:

1. provide you with further details on the use we make of your information; and/or

2. provide you with a copy of the information we hold about you; and/or

3. update any inaccuracies in the information we hold about you; and/or

4. delete any information about you that we no longer have a lawful ground to use; and/or

5. remove you from any direct marketing lists when you object or withdraw your consent; and/or

6. provide you with your personal information in a usable electronic format and transmit it to a third-party (right to data portability); and/or

7. restrict our use of your personal information; and/or

8. cease carrying out certain processing activities based on the grounds of having a legitimate business interest unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.

 

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) and the rights of third-parties. In certain circumstances, where you exercise these rights you may no longer be able to access or use our online services.

​

In limited circumstances we may charge a reasonable fee for certain requests you make to us, which we will advise you of in advance.

​

11. How to contact us

You can contact us in the following ways:

• By sending an email to info@dnastream.com and providing us with your full name and email address, together with details of the changes you wish to make

• By writing to us at DNASTREAM Limited, Surrey Technology Centre, 40 Occam Road, The Surrey Research Park, Guildford, Surrey, GU2 7YG

• By telephoning us on 01483 685540 and asking to speak to a member of our staff

 

If you are dissatisfied with our use of your information or our response to any exercise of your rights, you have the right to complain to the Information Commissioner’s Office (ICO), which regulates the processing of personal data in the United Kingdom. More information can be found on the ICO website at https://ico.org.uk.

​

12. Review

This policy will be reviewed at least annually or when required by changes in circumstances.

​