Welcome to CN Bio’s privacy statement.
CN Bio respects your privacy and is committed to protecting your personal data. This privacy statement will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
This privacy statement is provided in a layered format so that you can click through to the specific areas set out below.
- Important information and who we are
- The data we collect about you
- How is your personal data collected
- How we use your personal data
- Disclosures of your personal data
- International transfers
- Data security
- Data retention
- Jurisdiction-specific privacy rights
1. Important information and who we are
Purpose of this privacy statement
This privacy statement aims to give you information on how CN Bio Innovations Limited collects and processes your personal data through your use of this website, including any data you may provide through the website when you sign up to our mailing list or purchase a product or service.
This website is not intended for children, and we do not knowingly collect data relating to children.
Controller
CN Bio Innovations Limited is the controller and responsible for your personal data (collectively referred to as CN Bio, “we”, “us” or “our” in this privacy statement).
Contact details
If you have any questions about this privacy statement or our privacy practices, please contact our legal department in the following ways:
CN Bio Innovations Limited
Email: [email protected]
By post: 332 Cambridge Science Park, Milton Road, Cambridge, CB4 0WN
Telephone: 01223 737941
You have the right to make a complaint at any time to the relevant regulator for data protection issues which is the Information Commission’s Office in the UK. A list of EEA Data Protection Authorities can be found here.
We would, however, appreciate the chance to deal with your concerns before you approach a regulator so please contact us in the first instance.
Changes to this privacy statement
We may update this statement from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this statement. We will notify you by displaying a note on our website when we make any changes.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
2. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
3. How is your personal data collected
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you:
- enquire about our products or services;
- subscribe to our mailing list;
- request marketing to be sent to you;
- enter a survey; or
- give us feedback or contact us.
- Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
- Credit reference agencies (including Experian) and fraud prevention agencies,
- Life science third-party marketing providers to provide contact lists, webinar services, send marketing emails on behalf of us with your personal data, but only where you have given them prior consent to do so. Others provide us with general aggregated anonymous data about you for the purposes of campaign monitoring,
- Analytics providers, search information providers etc.
- Digital Marketing Service Providers – we periodically appoint digital marketing agents to conduct marketing activity on our behalf; such activity may result in the compliant processing of personal information. Our appointed data processors include: Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877, and their Data Protection Officer can be emailed.
4. How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data, but if we do in respect of direct marketing, you have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use your personal data
We use personal data for the following:
- To supply goods, services and information to you or your organization as part of our contractual obligations to you.
- To enter into, and perform the contract for items or services that we purchase from you as suppliers of CN Bio.
- To manage your or your organization’s account.
- To provide you (customers) with value-added material designed to enhance your customer experience (such as newsletters, hints and tips, novel application notes or surveys to help us improve our service offerings).
- To let you know about additional goods or services that are relevant to those you have purchased, enquired about, or shown an interest in.
- To contact you for feedback and market research purposes.
- To monitor the use of our website and personalize your visits to that website.
- To record traffic flows to our website.
- To carry out research about our website visitors’ and customers’ demographics, interests, and behavior so that we can better understand our visitors, customers and potential customers.
- To inform you about changes and improvements to our website.
Note: When we send you marketing emails, we do this because of our legitimate interest to promote our business to you, however, we only want to send you marketing material if you are happy to hear from us. We aim to provide you with value-added content-rich information highlighting how our products and services can help improve your laboratory workflows and the translatability of your data between laboratory and clinic. We do our utmost to ensure we only send relevant information to you, however, should this information not be of interest, you may opt-out at any time using the unsubscribe link shown in the marketing communication that you receive from us or by contacting us. By doing so, you will only opt-out of marketing communications, not communications relating to orders, feedback, service or support.
5. Disclosures of your personal data
We may share your personal data with:
- Any member of our corporate group, which means our subsidiaries, and our ultimate holding company.
- Business partners, suppliers, service providers and other third parties we use to support our business e.g. marketing agencies. We contractually require these third parties to keep the personal data confidential and use it only for the contracted purposes.
- We may also disclose your personal data to third parties:
- If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- To a buyer or other successor in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
- To comply with any court order, law, or legal process, including responding to any government or regulatory request.
- To enforce or apply our terms of use and other agreements.
- To protect the rights, property, or safety of our business, our employees, our customers, or others.
6. International transfers
We may process, store, and transfer your personal information to service providers located in a country outside of the UK. Whenever we transfer personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; and
- Where we use certain service providers, we may use specific contracts such as standard contractual clauses approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
7. Data security
We have appropriate administrative and technical security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
8. Data retention
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
We will retain your personal data for a minimum period of 30 days following its provision, however, to determine the appropriate retention period for the personal information we hold thereafter, we consider the amount, nature, and sensitivity of the personal information, the risk of harm from unauthorized use or disclosure of your personal information, the reasons why we handle your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We will delete your data at six years if you are a prospect of CN Bio and have not engaged with communications from us within this period. Where you are a customer of, supplier to, or collaborator of CN Bio, we will retain your data throughout your relationship with us, plus six years to ensure that we can assist you with subsequent inquiries, or if any legal issues arise. If it is not possible to delete all data held on you immediately (for example, data stored in backup archives), we will store your personal information securely and prevent further processing until deletion is possible. In some circumstances, for example, statistics that monitor product performance, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use this information indefinitely without further notice.
9. Jurisdiction-specific privacy rights
If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following data protection rights:
- Your right of access
You have the right to ask us for access to your personal information and to certain other supplementary information that this privacy statement is already designed to address.
- Your right to rectification
You have the right to require us to correct any mistakes in your information which we hold. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure
You have the right to ask us to erase your personal information in certain situations.
- Your right to data portability
You have the right to ask that we transfer the information you gave us from one organization to another, or give it to you in certain situations.
- Your right to opt-out
You have the right to object at any time to processing of personal information concerning you for direct marketing purposes, and where we are relying on legitimate interest and there is something particular about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- Right not to be subject to automated individual decision making
You have the right to object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
- Your right to object to processing
You have the right to object in certain situations to our continued processing of your personal information.
- Your right to restriction of processing
You have the right to otherwise restrict our processing of your personal information in certain circumstances.
Please note that these rights may be limited, for example, if fulfilling your request would reveal personal information about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep.
What we may need from you
If you would like to exercise any of those rights, please:
- email, call or write to us –
- let us have enough information to identify you (e.g. name, email address, IP address),
- let us have proof of your identity and address (a copy of your driving license or passport and a recent utility or credit card bill), and
- let us know the information to which your request.
- If you would like to unsubscribe from any marketing correspondence, you can also click on the ‘unsubscribe’ button at the bottom of the email.
No fee usually required
You are not required to pay any charge for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Time limit to respond
We will always endeavor to respond promptly to any request however this may take up to one month.