Last updated 1 October 2021
in this policy).
We respect your privacy and value your trust. We are committed to protecting
your personal data in accordance with the UK General Data Protection Regulation (UK GDPR).
may collect your personal data when you visit our website or if you contact us using an email address or
conditions (T&C) will explain how we may use the personal data you provide to us when using our website,
via email, phone, face-to-face meetings etc, you consent to us collecting and processing your personal data
in accordance with this policy.
Who we are?
OBD is a data controller and responsible for your personal data. We are a private limited company
incorporated and registered in England and Wales under company number 11703979 with our registered office at
the Oxford Centre for Innovation, New Road, Oxford, OX1 1BY. We have appointed a Data Protection Officer
(DPO) who is responsible for overseeing questions in relation to this policy.
What information do we collect?
We collection information about you in two ways:
- passive – you give us information on
our website, email us, call us, meet one of us at events or meetings, or approach us on social media
proactive – this is data about you that we may hold from referrals, resellers, or through proactive
We use automated analytics and tracking systems for email, document
management, and marketing activities so that we can protect and optimize our service and deliver relevant
Personal data, or personal information, means any information about an individual from
which that person can be identified. It does not include data where the identify has been removed (anonymous
We may collect, use, store and transfer different kinds of personal data about you,
however we try to minimise the personal data held on you. This may include:
- Identity data –
first name, maiden name, last name, username or similar identifier, marital status, title, date of birth,
- Personal contact details – email address, phone numbers, business-related social media pages
such as LinkedIn, source of your data, and legal reasons for holding of your information.
information – such as emails, texts, messaging, phone call information and recordings, voice mails,
recordings of online meetings and discussions, meeting notes and document tracking information.
How do we use personal information?
We will process your personal information for the following purposes:
- Register your
interest in our products and services
- Deliver relevant website content to you
- Manage our
relationship with you, for example notifying you about changes to our website T&C’s and this Privacy
- Administer and protect our business and this website
- Enable data analytics to improve
our website, product/services, marketing, customer relationships and experiences
- Make suggestions for
goods and services that may be of interest to you
- Internal research and development purposes
Delivering marketing and events communications
- Providing goods and services
- Legal obligations
(eg. Prevention of fraud)
- Meeting internal audit requirements
We do not currently actively
market to you, however we do have a “Contact Us” form on our website. On completing this form, or contacting
us via our firstname.lastname@example.org email address or telephone number, you consent to our
contacting you in order to provide you with more information on our company, as requested in your message.
In order to contact you, we will process and store your email address, phone number and the content of your
message in line with this policy.
What legal basis do we have for processing your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your
personal data in the following circumstances:
- where you have provided your explicit consent.
where it is necessary for our legitimate interests (or those of a third party) and your interest and
fundamental rights do not override those interests and/or.
- where we need to comply with a legal
In the event we are processing special categories of personal information such as
genetic results, biometric data, ethnicity, or information about your health, explicit and informed consent
will be sought from you prior to our collecting or processing said data.
When do we share personal data?
We may share your personal data with third parties for the purposes set out in “How do we use your
personal data?” We require all third parties to respect the security of your personal data and treat it in
accordance with the law. We do not allow third-party service providers to use your personal data for their
own purposes and only permit them to process your personal data for specified purposes and in accordance
with our instructions.
Third parties include those whom we may choose to sell, transfer or merge
parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with
them. If a change happens to our business, then the new owners may use your personal data in the same way as
Where do we store and process personal data?
Data is stored on encrypted systems on-premise and on hosted cloud services such as Microsoft Office
365 and AWS, in transit, and at rest. We also use Zoho CRM to manage and protect your data.
such, some data will either be in UK or EU data centres or on US-based servers. We ensure that the correct
mechanisms and safeguards are in place.
How do we secure personal data?
We have put in place appropriate security measures to prevent your personal data from being
accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place
procedures to deal with any suspected personal data breach and will notify you and any applicable regulator
of a breach where we are legally required to do so.
How long do we keep your personal data for?
Dependant on the data you provide us and for what purpose it is provided we may need to retain your
data for up to 6 years from our last interaction. We may retain your personal data for a longer period in
the event of a complaint or if we reasonable believe there is a prospect of litigation in respect to our
relationship with you.
Your rights in relation to personal data
Under the GDPR you have the right to:
- request access to your personal data.
request correction of the personal data we hold about you.
- request erasure of your personal data
(note however that we may not always be able to comply with your request of erasure for specific legal
reasons which will be notified to you at the time of your request).
- object to processing of your
- request restriction of processing of your personal data.
- request the transfer
of your personal data to you or a third party.
- withdraw consent at any time where we are relying on
consent to process your personal data.
If you wish to exercise any of the rights set out above,
please contact us at email@example.com. You will not have to pay a fee to access your
personal data (or to exercise any of the other rights), however we may charge a reasonable fee if your
request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your
request in these circumstances.
We aim to respond to all legitimate request within one month,
however it may take us longer if your request is particularly complex or you have made a number of
Use of automated decision-making and profiling
We do not make use of automated decision-making or profiling technologies.
How to contact us?
If you have any question or concerns about our privacy practices or your personal information, please
contact us at firstname.lastname@example.org. We can also be contacted by post at Oxford Brain
Diagnostics Ltd, Oxford Centre for Innovation, New Road, Oxford, OX1 1BY
Linking to other websites / third party content
Details of arrangements for links to other websites and third-party content is described in our
website terms and conditions (T&C).