24 May 2018
Population Genetics Technologies Ltd (PGT) understands that your privacy is important to you and that you care about how your personal data is used and shared. We respect and value the privacy of everyone we interact with and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
1. What Does This Policy Cover?
The purpose of this policy is to inform you about the types of personal data we may collect about you and how we will use it, so that you can then make an informed choice about whether to provide us with your personal data.
“Personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data collected by PGT via business interactions or via our website at www.populationgenetics.com.
2. Your Rights
As a data subject, you have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:
2.1 The right to be informed about our collection and use of personal data (see sections 3 and 4);
2.2 The right of access to the personal data we hold about you (see section 12);
2.3 The right to rectification if any personal data we hold about you is inaccurate or incomplete. (We can be contacted about this using the details in section 14);
2.4 The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you. (We only hold your personal data for a limited time, as explained in section 4 but if you would like us to delete it sooner, please contact us using the details in section 14);
2.5 The right to restrict (i.e. prevent) the processing of your personal data;
2.6 The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation; see section 7);
2.7 The right to object to us using your personal data for particular purposes; and
2.8 Rights with respect to automated decision making and profiling (see section 8).
If you have any queries or complaints about the personal data we hold on you and how we use it, please contact us using the details provided in section 14 and we will do our best to solve the problem for you. You also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office ico.org.uk/.
For further information about your rights, please contact the Information Commissioner’s Office.
3. What Data Do We Collect?
3.1 Personal data collected about users of our website
- Information collected from your use of our website. This includes: IP addresses, preferences, web pages you visited prior to coming to our or our users’ sites, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Services and our users’ sites (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors);
- Any personal data you provide via the PGT website Contact form, email or other communication to us, such as your name, email address, telephone number and any details provided to us as part of your enquiry.
3.2 Personal data collected as part of doing business
- Business/company name;
- Job title;
- Contact details, such as your name, email address, business and personal address and telephone number;
- Information for contractual or legal reasons.
3.3 Personal data collected about employees and job applicants
- Contact details, such as your name, email address, postal address and telephone number;
- Educational and professional background information;
- Previous and current employment details;
- Date of birth;
- Family information;
- Citizenship information;
- Information on who to contact in an emergency and contact details;
- National Insurance number;
- Bank details.
4.1 All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under the GDPR at all times. For more details on security see section 6, below.
4.2 Our use of your personal data will always have a lawful basis. This will usually be because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate interests. Specifically, we may use your data for the following purposes:
- Responding to your requests, inquiries, comments or concerns;
- Supplying our products or services to you (please note that we require your personal data to enter into a contract with you);
- Personalising and tailoring our products or services for you;
- Replying to emails from you;
- Assessing you for employment.
- If you no longer wish for us to process your personal data, please contact us on firstname.lastname@example.org.
4. How Do We Use Your Data?
5. How Long Do We Store Your Personal Data?
5.1 We only keep your personal data for as long as we need to in order to use it as described above in section 4, and/or for as long as we have your permission to keep it, as described in our Data Retention Policy.
To see a full copy of our data retention policy please contact email@example.com.
Type of Data
Retention Period or Criteria
|As long as PGT maintains a legitimate business interest in interacting with the business contactor as long as allowed by the individual.|
Customer Personal Data
|As long as PGT maintains a legitimate business interest in interacting with the customer, or as long as allowed by the individual.||Yearly|
|Duration of employment plus 6 years.||Yearly||Data such as employees’ personal records, performance appraisals, employment contracts, etc.|
Employee Payroll Data
|3 years||Yearly||Data relating to PAYE, maternity pay or SMP (statutory mandatory pay).|
|1 year||Yearly||Unsuccessful Applicants.|
Health and Safety
6. How and Where Do We Store Your Personal Data?
6.1 We use data hosting service providers and company computers to store personal data outside of the European Economic Area (“the EEA”). (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). We do this because some of our operations which process personal data are based outside of the EEA. We take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the GDPR.
6.2 Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data we have collected.
6.3 Steps we take to secure and protect your data include:
- Restricted sharing and access to data;
- Secure storage and transmission systems;
- Secure deletion and disposal;
- Awareness of data protection and security policies and procedures by employees, agents, contractors and other parties working for or on behalf of the Company.
7. About Data Portability
7.1 Personal data provided in response to requests for data portability can be delivered in commonly used machine readable formats.
8. Automated decision making and profiling
8.1 We do not perform automated decision making using personal data or carry out profiling using personal data.
9. Do We Share Your Data?
9.1 We will not share any of your personal data with any third parties, except for the purposes outlined in sections 9.2 and 10.
9.2 In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal obligations, a court order, or a governmental authority.
10. What Happens If Our Business Changes Hands?
10.2 In the event that any of your data is transferred in such a manner, you will be contacted and informed of the changes.
11. Your Right to Withhold Information
11.2 You may access our website without providing any data at all.
12. How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by us (where such data is held). Under the GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for further information or for a Subject Access Request Form using the contact details below in section 14.
13.2 All Cookies used by and on our website are used in accordance with current Cookie Law.
13.3 An individual can choose to accept or decline cookies and you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device
13.4 It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
14. Contacting Us
Population Genetics Technologies Ltd. is a limited company registered in England and Wales under company number 5116842, whose registered address is Salisbury House, Station Road, Cambridge CB1 2LA.