Welcome to CN Bio’s privacy statement.
CN Bio respects your privacy and is committed to protecting your personal data. This privacy statement will inform you as to how we look after your personal data when you interact with us and tell you about your privacy rights and how the law protects you. This privacy statement has been adopted pursuant to the UK Data Protection Act 2018, UK GDPR and EU GDPR (“Data Protection Laws”).
Please see below what CN Bio’s privacy statement covers:
- Important information and who we are
- The data we collect about you
- How is your personal data collected
- How we use your personal data
- Disclosures of your personal data
- International transfers
- Data security
- Data retention
- Your data subject rights
1. Important information and who we are
Purpose of this privacy statement
This privacy statement aims to give you information on how CN Bio Innovations Limited collects and processes your personal data when you interact with us, including any data you may provide through the website when you sign up to our mailing list or purchase a product or service.
This website is not intended for children, and we do not knowingly collect data relating to children.
Controller
A “controller” is a person or organisation who alone or jointly determines the purposes for which and the way any personal data is or is likely to be processed. Unless we notify you otherwise CN Bio Innovations Limited is the controller and responsible for your personal data (collectively referred to as CN Bio, “we”, “us” or “our” in this privacy statement).
Contact details
If you have any questions about this privacy statement or our privacy practices, please contact our legal department in the following ways:
CN Bio Innovations Limited
Email: [email protected]
By post: 332 Cambridge Science Park, Milton Road, Cambridge, CB4 0WN
Telephone: 01223 737941
Right to make complaint to data protection regulator
You have the right to make a complaint at any time to the relevant regulator for data protection issues. In the UK, this is the Information Commissioner’s Office (Commonly referred to as the ICO).
If you live or work outside the UK or you have a complaint concerning our personal data processing activities, you may lodge a complaint with another supervisory authority.
We would, however, appreciate the chance to deal with your concerns before your approach a regulator so, please contact us in the first instance.
Changes to this privacy statement
We may update this statement from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this statement. For any substantial changes to our processing activities of your personal data we may get in touch directly with you before the processing activity begins.
Third party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
2. The data we collect about you
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed. This is known as anonymous data. We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Feedback and Opinion Data you provide to us regarding our products and services.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
3. How is your personal data collected
We use different methods to collect data from and about you including through:
Direct interactions
You may give us your Identity and Contact Data by filling in forms or by corresponding with us face-to-face, by phone, email or otherwise. This includes personal data you provide when you:
- enquire about our products or services;
- provide us with your business cards so we can contact you;
- subscribe to our mailing list;
- request marketing material to be sent to you;
- enter a survey; or
- give us feedback or contact us.
Automated technologies or interactions
As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our cookie policy for further details.
Third parties or publicly available sources
We will receive personal data about you from various third parties and public sources as set out below:
- Credit reference agencies (including Experian) and fraud prevention agencies;
- Life Science third party marketing providers to provide contact lists, webinar services, send marketing emails on behalf of us with your personal data. Others provide us with general aggregated anonymous data about you for the purposes of campaign monitoring;
- Analytics providers, search information providers etc; and
- Digital Marketing Service Providers – we periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.
4. How we use your personal data
Lawful basis for processing:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Performance of a contract: Where we need to comply with our contractual obligations.
- Legitimate interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Legal obligation: Where we need to comply with a legal obligation.
- Consent: We may rely on consent as a legal basis for processing your personal data, for example in respect of direct marketing. Where we do rely on consent you have the right to withdraw consent at any time by contacting us.
Purposes for which we will use your personal data
We have set out below in a table format a description of all the ways we plan to use your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Processing activities | Categories of personal data | Lawful basis for processing | |
To supply products, services and information to you or your organization as part of our contractual obligations to you. | (a) Identity (b) Contact (c) Financial | Performance of a contract | |
To enter into and perform the contract for products or services that we purchase from you as suppliers of CN Bio. | (a) Identity (b) Contact (c) Financial | Performance of a contract | |
To manage your or your organisation’s account. | (a) Identity (b) Contact (c) Usage (d) Marketing and Communications (e) Feedback and Opinion | Performance of a contract Legitimate interests to provide you with relevant marketing material. | |
To provide you (customers) with value-added material designed to enhance your customer experience (such as newsletters, hints and tips, novel application notes or surveys to help us improve our product and service offerings). | (a) Identity (b) Contact (c) Feedback and Opinion | Legitimate interests to offer you bespoke and tailored information about our products and services | |
To let you know about additional products or services that are relevant to those you have purchased, enquired about, or shown an interest in. To also contact you for feedback and market research purposes. We use a feedback platform provided by a third-party service provider to collate this information internally. | (a) Identity (b) Contact (c) Feedback and Opinion Note: You may have also given us your Business Card so we can reach out to you. | Legitimate interests to offer you bespoke and tailored information about our products and services. | |
To carry out research about our website visitors’ and customers’ demographics, interests, and behaviour so that we can better understand our visitors, customers and potential customers. | (a) Contact (b) Technical (c) Profile (d) Usage | Legitimate interests to understand our audience range. | |
To inform you about changes and improvements to our website. | (a) Contact | Legitimate interests to communicate to you of any changes to our services and to improve the features and content of our website. | |
Process academic papers/works for market research purposes. | (a) Contact (b) Identity | Legitimate interests for the continuing development of our products and services. Consent where required. |
Marketing communications
When we send you marketing emails, we do this because of our legitimate interest in promoting our business to you, however, we only want to send you marketing material if you are happy to hear from us.
We aim to provide you with value-added content rich information highlighting how our products and services can help improve your laboratory workflows and the translatability of your data between laboratory and clinic.
We do our utmost to ensure we only send relevant information to you, however, should this information not be of interest, you may opt out at any time using the unsubscribe link shown in the marketing communication that you receive from us or by contacting us here. By doing so, you will only opt out of marketing communications, not communications relating to orders, feedback, service or support.
5. Disclosures of your personal data
We may share your personal data with:
- Our internal stakeholders: Any member of our corporate group, which means our subsidiaries and holding company. Your personal data will be used by our employees and contractors who are working on providing products and services to you on a need-to-know basis.
- Suppliers, service providers and other third parties: We use your personal data to support our business. We contractually require these third parties to keep the personal data confidential and use it only for the contracted purposes. For example:
- Marketing agencies – to assist with our sales and marketing requirements.
- CRM providers – to assist with the day to day running of our business and our relationship with our customers. CRM means Customer Relationship Management.IT support providers – to ensure the smooth running of our IT infrastructure.
- Website analytics providers – to better understand our audience.
- Professional advisers: This would include lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- Law enforcement bodies, regulators and other authorities: This is to comply with our legal requirements or adhere to good practices.
- In the context of a sale:
- If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- To a buyer or other successor in the event of merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding.
6. International transfers
We aim to process and store your personal data in the UK or the European Union, but this isn’t always possible thus we may occasionally process, store, and transfer your personal data to service providers located in a country outside of the United Kingdom (UK)/European Union (EU). Whenever we transfer personal data out of the UK/EU we ensure a similar degree of protection is afforded to it by ensuring one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; and
- Where we use certain service providers, we may use specific contracts such as standard contractual clauses approved for use in the UK/EU which give personal data the same protection it has in the UK. For example, the use of Article 46 UK and EU GDPR safeguard mechanisms to transfer personal data to “third countries” endorsed by the UK Government or European Commission.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK/EU.
7. Data security
We have appropriate administrative and technical security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
8. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for the personal data we hold thereafter, we consider the amount, nature, and sensitivity of the personal data , the risk of harm from unauthorized use or disclosure of your personal data , the reasons why we handle your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Where you are a customer of, supplier to, or collaborator of CN Bio, we will retain your data throughout your relationship with us, plus six years to ensure that we can assist you with subsequent enquiries, or if any legal issues arise. If it is not possible to delete all data held on you immediately (for example, data stored in backup archives), we will store your personal data securely and prevent further processing until deletion is possible.
9. Data subject rights
Under certain circumstances in Data Protection Laws, you have the following data protection rights detailed below. Note not all rights are absolute so, it will depend on the nature and purpose and why we are processing your personal data.
- Your right of access: You have the right to ask us for access to your personal data and to certain other supplementary information that this privacy statement is already designed to address.
- Your right to correction/rectification: You have the right to require us to correct any mistakes in your personal data which we hold. You also have the right to ask us to complete information you think is incomplete.
- Your right to object to processing: This is where we process your personal data based on a legitimate interest or those of a third party and you may challenge this. However, we may be entitled to continue processing your personal data based on our legitimate interests or where this is relevant to any legal claims. See also Marketing communications.
- Your right to request restriction: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy (b) where our use of the data is unlawful but you do not want us to erase it (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
- Your right to erasure: You have the right to ask us to erase your personal data in certain situations.
- Your right to data portability: You have the right to ask that we transfer your personal data you gave us from one organization to another or give it to you in certain situations.
- Right not to be subject to automated individual decision making: You have the right to object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you. We do not carry out automated decision making which results in legal or similarly significant effects.
- Your right to withdraw consent: You have the right to withdraw consent at any time to process personal data where consent has been used as a lawful basis. You have a right to opt out of marketing at any time. Please see Marketing communications.
Please note that these rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete data which we are required by law or have compelling legitimate interests to keep.
Exercising your rights: What we may need from you
If you would like to exercise any of those rights, please:
- email, call or write to us.
- let us have enough information to identify you (e.g. name, email address, IP address),
- let us have proof of your identity and address (a copy of your driving license or passport and a recent utility or credit card bill), and
- let us know the information to which your request.
- If you would like to unsubscribe from any marketing correspondence, you can also click on the ‘unsubscribe’ button at the bottom of the email.
You are not required to pay any charge for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We will always endeavor to respond promptly to any request however this may take up to one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
If you wish to exercise any of the rights set out above, please contact us.
Version control: Last updated: 12 March 2024