1. Introduction and objectives
3. How we collect your personal information
These are the main ways we collect your personal information:
- If you use our websites to register for events, subscribe to our e-newsletter or request information about our products or services
- If you purchase any products or services from us
- If you reply to our marketing campaigns (e.g. by filling out a response form)
- If your contact details are shared with us by our business partners, service providers or other third-parties, where you have provided your consent
- From other public sources, such as social media platforms, where you have provided your personal details
- When you use our services
- When you access or use our products, such as cloud applications or mobile applications
- If you correspond with us in writing or by email or telephone
- If you work for us or on our behalf as a contractor
You may engage with us through social media platforms or through features on our websites or within our products that integrate with social media platforms. When you engage with us through social media platforms, you may allow us to have access to certain information from your social media profile based upon your privacy preference settings on such platforms. We recommend that you review the settings of your social media profile on the social media platforms that you use, to ensure that you understand what information may be collected about you.
Our websites, products and services (including any cloud applications and mobile applications) have been created for business purposes and are not intended for use by children, and we do not knowingly collect any personal information about children.
4. What personal information we may collect
We may collect the following types of personal information about you:
- Home address
- Correspondence address
- Email addresses
- Telephone numbers
- The name of the organisation you work for
- Job title
- Topics of interest regarding DNASTREAM’s products and services
- Information relating to purchases of our products or services, including the necessary information for us to bill you for their usage such as billing address
- Information relating to your use of our products or services
- If you are a customer, information relating to your business relationship with us that is necessary for us to administer this relationship including information provided by credit reference agencies (e.g. credit rating)
- If you are a contractor, information relating to your business relationship with us that is necessary for us to administer this relationship including your identification documents (e.g. passport, driving license, utility bills), proof of your right to work in the UK, employment history, skills, qualifications, bank account details and information provided by background checking/vetting agencies (e.g. criminal convictions)
5. How we use your personal information
The personal information we collect may be used to:
- Manage and administer events that you have registered for, and to follow up on events that you have attended
- Publicise future events that we believe you may find of legitimate business interest based on your registration for previous events or the topics of interest you have expressed
- Issue e-newsletters that you have subscribed to
- Provide information about our products or services as requested by you, or relevant to the topics of interest you have expressed
- Assess the performance of our websites and analyse how they are used to help us make improvements
- Maintain leads in our sales processes and run marketing or promotional campaigns to create awareness of our brand, products and services
- Process requests to purchase any of our products and services
- Provide access to our products and enable your effective use of the features of our products
- Administer the relationship with our customers including general communications, account management, product or service delivery, support, contract management, credit management, billing and accounts receivable
- Administer the relationship with our contractors including general communications, account management, contract management, assignment management, invoice management and accounts payable
- Manage our contractual obligations and enforce our contractual and legal rights
Your personal information may be used for other purposes for which you give your consent or, in limited circumstances, when required by law or where permitted under the relevant data protection and privacy law.
The use of your personal information set out above is permitted under UK data protection law based on these principal legal grounds:
- Where it is necessary for us to enter into or perform our contractual obligations with you
- Where we need to use it to comply with our legal obligations
- Where we use it to achieve a legitimate business interest and our reasons for using it outweigh any prejudice to your data protection rights (our legitimate interests include promoting DNASTREAM’s business and tailoring news or offers to your profile, research and development of products or services, providing you with products or services and managing our business relationship with you)
6. How we keep your personal information safe
We use technical and organisational security measures including authentication tools to protect your personal information against unauthorised access, loss, manipulation or destruction.
Although data transmission over the Internet cannot be guaranteed to be secure, we and our business partners maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements. Our main security measures are:
- Tightly restricted access to your data on a “need to know” basis and for the communicated purposes only
- Use of encryption or password-protection when sharing personal information with other parties
- Use of encryption (in transit and at rest) for our IT systems as far as is possible within the capabilities of the respective system
- Use of individual, password-protected user accounts for users of our IT systems with assigned permissions to ensure access is only permitted to specific information according to the job role of the user
- Provision of facilities to set up individual, password-protected user accounts for users of our products with assigned permissions to ensure access is only permitted to specific product features of the respective product and/or data relating to that user’s assigned role
- Use of firewalls for our IT systems to prohibit unauthorised access
- Physically recorded information (i.e. paper documents) stored in locked cabinets in a locked office location
- Enforcement of strict company policies relating information security, control of access to our IT systems and the permitted uses of our IT systems, our other IT assets and our products, which form part of our employee handbook and the contractual obligations of our contractors and business partners
- Use of binding contracts with our customers regarding the permitted uses of our products
7. How long we keep your personal information
We retain your personal information only for as long as is necessary and only for the purposes for which it has been collected. Our retention periods are based on our legitimate business needs or our legal obligations, and once no longer needed personal information is either irreversibly anonymised or securely destroyed.
Use for providing features within a product: we retain your personal information for the duration of the contract that provides for your use of the product including any subsequent period to facilitate off-boarding activities as set out in the respective contract.
Use for marketing purposes: we retain your personal information for as long as is necessary and in accordance with your privacy preferences, but only for the purposes for which it was collected – for example, if you have expressed an interest about our products or services we will retain your personal information for the purposes of marketing such products or services unless you update your privacy preferences to withdraw your consent.
Use for performing a contract: we retain your personal information for the duration of the contract and for a period of six years after the contract expiration or termination date to deal with queries or claims thereafter.
Use for managing a business partnership: we retain your personal information for the duration of the partnership and for a period of up to six years thereafter.
Where claims are contemplated: in relation to any personal information where we reasonably believe it will be necessary to defend or prosecute or make a claim, we may retain that information for a long as that claim could be pursued.
8. Who we share your personal information with
Personal information that we collect about you may be transferred to other parties or accessed by other parties on our behalf, with your consent where necessary.
The types of parties we may transfer personal information to are as follows:
- Business partners and contractors that work with us or on our behalf to provide or support the products or services that you have requested or purchased
- Event companies that run or manage events on our behalf
- IT or application providers that provide us with the systems, products or services we use to operate our business activities
- Credit reference and background checking agencies
- Law firms that provide legal advice to us (e.g. when dealing with disputes)
Where we share personal information, this is done in a secure manner. When we share this information with other parties, we ensure that the other parties are required to use it only for the purpose it was collected and require such parties to enter into a binding confidentiality and/or contractual agreement with us.
We may also share personal information without your consent if it is in relation to a legitimate business interest or where we have a contractual or legal obligation to do so, such as:
- When required by law to share information with statutory authorities, government institutions or other authorized bodies
- When required to use the information to respond to subpoenas, court orders or legal process, or to establish or exercise our legal rights or defend against legal claims
- Where we believe it is necessary to investigate, prevent or take actions against any illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law
- Where we believe it is necessary to protect or enforce our rights, usage terms, intellectual or physical property or for the safety of DNASTREAM or that our customers, business partners, contractors or other associated parties
- In the event DNASTREAM is acquired by or merged with another company
Certain countries outside the EEA, such as Canada and Switzerland, have been approved by the European Commission as providing essentially equivalent protection to EEA data protection laws and therefore no additional legal safeguards are required. In countries that have not had such approval, we will either ask for your consent to transfer the data or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.
9. Cookies and other technologies
What is a cookie?
A cookie is a small text file that stores Internet settings. Almost every website uses cookie technology. The cookie is downloaded by your Internet browser the first time you visit a website. The next time you visit this website from the same device, the cookie and the information in it are either sent back to the originating website (first-party cookies) or to another website to which it belongs (third-party cookies). By that, the website can detect that it has already been opened using this browser and, in some cases, it will then vary the content it shows.
Some cookies are extremely useful because they can improve your user experience when you return to a website you have already visited. This assumes that you are using the same device and the same browser as before; if so, cookies will remember your preferences, will know how you use the website, and will adapt the content you are shown so that it is more relevant to your personal interests and needs.
Strictly necessary cookies: Enable features without which you would not be able to use the website or product as intended. These cookies are used exclusively by DNASTREAM and are therefore known as first-party cookies. They are only saved on your computer while you are actually browsing the website or using the product. Strictly necessary cookies do not require approval and cannot be disabled using the features of the website or product.
Performance cookies: Gather information about how a website or product feature is used for example, which pages a visitor opens most often, and whether the user receives error messages from some pages. These cookies do not save information that would allow the user to be identified. The collected information is aggregated and therefore anonymous. These cookies are used exclusively to improve the performance of the website or product and with it the user experience.
Functional cookies: Enable a website or product to save information which has already been entered (such as user names and language choices), so that it can offer you improved and more personalized functions. For example, a website can offer content in your local language if it uses a cookie to remember your preferred language. These cookies collect anonymous information and cannot track your movements on other websites.
Marketing cookies: Used to deliver adverts and other communications more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and to help measure the effectiveness of advertising campaigns. They remember whether you have visited a website or not, and this information can be shared with other organizations such as advertisers (this includes advertising technologies on websites such as Facebook, LinkedIn and Twitter). Cookies for improving group targeting and advertising will often be linked to site functionality provided by other organizations.
If you set your browser to decline all cookies, the website or product may not function correctly, and you may not be able to use all the features of the website or product.
We may also use web beacons or tracking pixels in our emails and on web pages that help us to monitor whether you have opened any newsletters we may have sent to you. A web beacon is one of various techniques used on web pages or email to unobtrusively (usually invisibly) allow checking that a user has accessed some content. Common uses are email tracking and page tagging for web analytics. We use this information in conjunction with the topics of interest you have expressed, to deliver you a personalized experience by ensuring we send you information that we believe you will find interesting, based on the content we know you have engaged with previously.
Our websites and products may include functionality to interact with social media websites where you may have accounts, such as Facebook, Twitter and LinkedIn. You should be aware that these social media websites may set cookies while you are using them and use of these features may result in the collection or sharing of information about you.
We may disclose aggregated information about your use of our websites to our social media, advertising or analytics partners who may combine it with other information that they hold. We will not disclose information to such parties that identifies you or that contains your personal information.
10. How to change your privacy preferences
You can make individual changes to your privacy preferences using the features included on our websites and within our products, where available. You may also use the “unsubscribe” feature included in our marketing communications and e-newsletters to stop receiving these communications.
Under certain conditions you have the right to require us to:
- Provide you with further details on the use we make of your information
- Provide you with a copy of the information we hold about you
- Update any inaccuracies in the information we hold about you
- Delete any information about you that we no longer have a lawful ground to use
- Remove you from any direct marketing lists when you object or withdraw your consent
- Provide you with your personal information in a usable electronic format and transmit it to a third-party (right to data portability)
- Restrict our use of your personal information
- Cease carrying out certain processing activities based on the grounds of having a legitimate business interest unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) and the rights of third-parties. In certain circumstances, where you exercise these rights you may no longer be able to access or use our products. Where you have been provided with access to use our products by your employer or another party, you should also liaise with your employer or such other relevant party with regard to exercising these rights.
11. How to contact us
You can contact us in the following ways:
- By sending an email to firstname.lastname@example.org and providing us with your full name and email address, together with details of the changes you wish to make
- By writing to us at
Surrey Technology Centre
40 Occam Road
The Surrey Research Park
If you are dissatisfied with our use of your information or our response to any exercise of your rights, you have the right to complain to the Information Commissioner’s Office (ICO) which regulates the processing of personal data in the UK. More information can be found on the ICO website at https://ico.org.uk.
Last revision: October 2018.