Last updated 1 October 2021
We respect your privacy and value your trust. We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR).
Who are we?
OBD is a data controller and responsible for your personal data. We are a private limited company incorporated and registered in England and Wales under company number 11703979 with our registered office at the Oxford Centre for Innovation, New Road, Oxford, OX1 1BY. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this policy.
What information do we collect?
We collect information about you in two ways:
- passive – you give us information on our website, email us, call us, meet one of us at events or meetings, or approach us on social media
- proactive – this is data about you that we may hold from referrals, resellers, or through proactive marketing activity
We use automated analytics and tracking systems for email, document management, and marketing activities so that we can protect and optimize our service and deliver relevant marketing.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, however we try to minimise the personal data held on you. This may include:
- Identity data – first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender
- Personal contact details – email address, phone numbers, business-related social media pages such as LinkedIn, source of your data, and legal reasons for holding your information
- Transmitted information – such as emails, texts, messaging, phone call information and recordings, voice mails, recordings of online meetings and discussions, meeting notes and document tracking information
How do we use personal information?
We will process your personal information for the following purposes:
- Register your interest in our products and services
- Deliver relevant website content to you
- Administer and protect our business and this website
- Enable data analytics to improve our website, product/services, marketing, customer relationships and experiences
- Make suggestions for goods and services that may be of interest to you
- Internal research and development purposes
- Delivering marketing and events communications
- Providing goods and services
- Legal obligations (e.g. prevention of fraud)
- Meeting internal audit requirements
We do not currently actively market to you, however we do have a “Contact Us” form on our website. On completing this form, or contacting us via our firstname.lastname@example.org email address or telephone number, you consent to our contacting you in order to provide you with more information on our company, as requested in your message. In order to contact you, we will process and store your email address, phone number and the content of your message in line with this policy.
What legal basis do we have for processing your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where you have provided your explicit consent
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests and/or
- where we need to comply with a legal obligation
In the event we are processing special categories of personal information such as genetic results, biometric data, ethnicity, or information about your health, explicit and informed consent will be sought from you prior to our collecting or processing said data.
When do we share personal data?
We may share your personal data with third parties for the purposes set out in “How do we use personal information?” We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where do we store and process personal data?
Data is stored on encrypted systems, on-premise and on hosted cloud services such as Microsoft Office 365 and AWS, and is encrypted in transit and at rest. We also use Zoho CRM to manage and protect your data.
As such, some data will either be in UK or EU data centres or on US-based servers. We ensure that the correct mechanisms and safeguards are in place.
How do we secure personal data?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long do we keep your personal data for?
Depending on the data you provide us and the purpose for which it is provided, we may need to retain your data for up to 6 years from our last interaction. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Your rights in relation to personal data
Under the GDPR you have the right to:
- request access to your personal data
- request correction of the personal data we hold about you
- request erasure of your personal data (note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you at the time of your request)
- object to processing of your personal data
- request restriction of processing of your personal data
- request the transfer of your personal data to you or a third party
- withdraw consent at any time where we are relying on consent to process your personal data
If you wish to exercise any of the rights set out above, please contact us at email@example.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights), however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We aim to respond to all legitimate requests within one month, however it may take us longer if your request is particularly complex or you have made a number of requests.
Use of automated decision-making and profiling
We do not make use of automated decision-making or profiling technologies.
How to contact us?
If you have any questions or concerns about our privacy practices or your personal information, please contact us at firstname.lastname@example.org. We can also be contacted by post at Oxford Brain Diagnostics Ltd, Oxford Centre for Innovation, New Road, Oxford, OX1 1BY.
Linking to other websites / third party content
Details of arrangements for links to other websites and third-party content are described in our website terms and conditions (T&C).