As we are a UK company, you are protected by the UK legislation and the EU General Data Protection Regulation (“GDPR”). We are registered as a Data Controller with the Information Commissioner’s Office (“ICO”) in accordance with the GDPR (our registration number is ZA119842 and you can verify our registration here). We respect your privacy and we are committed to protect your personal data.
We invite you to read this Privacy Notice (“Notice”) carefully to understand our practices regarding your personal data. Should you have any questions or concerns relating to the processing of your personal data, please do not hesitate to contact us. Contact details are as follows:
Address: 17 Mercers Row, Cambridge, Cambridgeshire CB5 8HY
Telephone Number: +44 (0)1223 359316
Email address: [email protected]
References in this Notice to ‘we’, ‘us’ and ‘our’ are to FGV Cambridge Nanosystems Limited (“FGV CNS”), while ‘you’ and ‘your’ are referring to individual or company dealing with us.
2. TYPES OF INFORMATION THAT WE COLLECT
Whenever you visit the website, we gather information about what you do during your visit, including the searches you perform and the records you view. We also gather some statistics about your computer, such as the browser you use. Besides, we gather personal information such as name, address, phone number, email address and postal address about you from our business documents during our business transactions, as well as when you register online or place an order for any of our products, provide feedback on any of our message boards or via email, pay for a product or service or get in contact with us. We always aim to gather only the information that we need.
3. EMAILS WE SEND TO YOU
We are committed to send you emails which are relevant and tell you important things about the website. There are some emails which we send you only if we have your permission (marketing emails). There are some emails which we send you even if we don’t have your permission (service emails) – we send these to administer the service. Each is explained below:
- Business Emails: You may receive emails from us regarding our business transactions during and after the transactions.
- Marketing emails: These emails include our regular newsletter, special offers and market research emails. They also include product updates, announcements of new features or historical records on the website. We might tell you about a service offered by another company within our group, or even outside it, but this is rare. We make it very easy to stop receiving these emails.
- Unsubscribing from marketing emails: You may unsubscribe at any time by contacting us (as set out above). There are also instructions on every email we send and you can usually unsubscribe directly from the email without visiting the website.
- Service emails: We need to send these to administer the service. Service emails include registration and payment confirmations, warnings that we are about to charge you or that your subscription or credits are about to expire, and welcome emails that provide useful information about how to use a service or feature when you sign up or start using it. Also, if we make a fundamental change to the website or our Notice that we think we need to make you aware of (for legal or simply for courtesy reasons), we will send you a service email.
4. HOW WE WILL USE YOUR PERSONAL DATA
We do not keep your personal data for longer than is necessary and will only use the personal data that we gather to:
- process your order, manage your account;
- understand your needs to help us improve the website;
- improve search results;
- to enable us to provide you with information that we think may be of interest to you; and
- to meet our legal or regulatory obligations (if any).
5. OUR LEGAL GROUNDS FOR HANDLING YOUR PERSONAL DATA
The GDPR provides us lawful basis to collect, process and keep your Personal data. The legal basis under the GDPR are as follows:
- Consent. We can receive your informed and specific consent to do so, which includes consent to retain your information in the documents arising from the business transaction for the purpose of the transaction record.
- Contractual necessity. We can collect your Personal data to meet contractual requirements.
- Legitimate interests. We have legitimate interest that does not override the fundamental rights of the data subject.
- Vital interests. We can collect personal data if it’s necessary to protect someone’s vital interests of a data subject.
- Legal obligations. We can collect data if we have legal obligations to do so.
6. DATA SHARING
We shall share your personal data with the following types of third party:
- Parent company and any other group companies;
- Regulators or other governmental departments or agencies to comply with the law;
- Professional advisors, including the Contractor; and
- Third parties to whom we may choose to sell, transfer or merge parts of our business of our assets.
If our business transfers to anyone else, you agree that we can pass your information to that person, so they can continue to provide you with the service.
7. INTERNATIONAL TRANSFERS
Your personal data is likely to be transferred to our parent company outside the European Economic Area (“EEA”). Whenever we transfer your personal data out of the EEA, we shall ensure a similar degree of protection is afforded to it by using specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
8. STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA
We treat your information in confidence and shall protect such information no less than a reasonable degree of care. Therefore, your information is stored securely on our servers in the UK. We restrict the dissemination, circulation and supply of your personal information to third parties. If we run a promotion or competition where your information would be shared with a third party for marketing purposes, we will ensure that we have obtained your consent prior to the disclosure. We seek to ensure that we don’t store your payment card information. We use a secured third party service to process the payment that we take from you and we do not keep a record of your credit or debit card details in our systems. In the event our systems are being hacked, your payment card information is still secured.
9. HOW WE SECURE YOUR PERSONAL DATA
We will only share your personal data when we are legally permitted to do so. We put appropriate security measures to prevent any misused or breach of your personal data privacy as follows:
- We use robust security technology and processes. We keep your details safe when you sign in or pay by using encryption. We always use up-to-date technology security standards and make reasonable effort to keep our systems as secure as they can reasonably be.
- We also make sure that only specific people within our company have access to your information, and we restrict this as much as we can. In general, we try to make sure that people only have as much access to your information as they need to carry out their job.
- We practice physical security measures, such as security passes to access our premises.
- Save and except as stated in this Notice, we never use third parties to process your information.
Please be aware that the transmission of data over the internet (including by e-mail) might be intercepted. So although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us.
10. DATA RETENTION
We seek to ensure that we only retain your personal data for as long as we reasonably consider necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, as well as the period which litigation or investigations might arise in respect of the services.
11. YOUR DATA PROTECTION RIGHTS
Your legal rights in relation to your personal data are as follows:
- Request access – This enables you to request a copy of the personal information we hold about you. We will charge £10 as administration charges.
- Request correction – of the personal data that we hold about you. You have the right to request for correction for any personal information we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure – This enables you to request for deletion or removal of personal data that we hold about you, where there is no legitimate reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
- Request to object to process – your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
- Request the restriction – of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer – of your personal information to another party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Request to withdraw consent – at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Please contact us if you have any queries or concerns about the way in which we process your personal data (contact details are set out above).
12. COOKIES/SIMILAR TECHNOLOGIES
13. CHANGES TO OUR NOTICE
We might amend this Notice from time to time. We encourage you to check back frequently to see any updates or changes to our Notice. If we make a major change to it, we will send you a service email describing the changes and what it means for you.
This Notice was last updated on 3 January 2020.