Svastia Genetics Inc. and Cambridgene Limited (herein referred to as “Cambridgene”, “Svastia”, “we”, “us”, or “our”) are committed to respecting and protecting the privacy of customers, individuals, families or communities (herein referred to as “you” or “your”).
This policy has come into effect on 25 th May 2018 and has been posted in our websites. Any future changes to this policy will also be updated in our website with relevant dates.
We are committed to protecting your personal information and being transparent about what information we hold, whether you are a customer, partner, network member, provider of goods or services or just communicated with us through email, SMS, postal address or other means. We promise to respect any personal data you share with us, or that we get from other organisations about you and keep it safe.This policy explains:
- Who we are;
- Your rights
- What personal data we store about you;
- Lawful basis for processing;
- Purpose of processing;
- Where we store your data;
- How long we store your data;
- How we will use that information;
- Legal basis and legitimate interest
- Your rights to data erasure.
- Contact information
Who we are
Svastia Genetics Inc. is a US C-Corporation incorporated in the state of Delaware. Cambridgene Limited is a Limited Company registered in England and Wales and a wholly owned subsidiary of Svastia Genetics Inc. Cambridgene Limited’s registered office address is at Future Business Centre, Kings Hedges Road, Cambridge CB4 2HY and its registration number is 09493568. Svastia is a registered trademark of Cambridgene Limited. We operate under the trade names Cambridgene and Svastia and our websites include the following: http://www.cambridgene.com, https://svastia.ai
Under the General Data Protection Regulation (link in the “Links” section) you have a number of important rights. In summary, those include rights to:
- access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- request the erasure of personal data concerning you in certain situations
- request access to your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to a third party in certain situations
- object at any time to processing of your personal data for direct marketing
- object to decisions being taken by automated means which have significant adverse legal effects on you
- object in certain other situations to our continued processing of your personal data
- otherwise restrict our processing of your personal data in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws.
What personal data we store about you
If you contact us, send us emails, invoices, have a contract with us, connect with us or our staff, through LinkedIn or other social media, or conduct other business-type transactions, we will collect the associated data in order to facilitate the enquiry, business or other interaction between us. We may also receive such information from a third party incidentally or through introductions and other communications. We maintain a database – Zoho CRM – and use Zoho Mail, LinkedIn, FreeAgent, Asana, Google Drive, Amazon Web Services, Microsoft Azure, Dropbox as well as Google’s cloud services. Please refer to their policy statements and notices for further information, but if you have any concerns please Contact Us using the details in this document.
We collect and process some or all of the following types of information from you:
- Your name, email address and any other contact information for you.
- If you contact us, we may keep a record of that correspondence.
With regards to job applications, we collect and process the following information:
- Information that you provide when you apply for a role. This includes information provided through an online job site, via email, in person at interviews and/or by any other method.
- We process personal details such as name, email address, address, date of birth, qualifications, experience, information relating to your employment history, skills and experience that you provide to us.
- We may continue to retain these details for both successful and unsuccessful candidates with informed consent during the application process to improve the efficiency of the recruitment process. If successful candidates decline our offer or more suitable opportunities come up in future for any of the applied candidates, we may get in touch with them to recruit them.
Lawful basis for processing
Our processing of personal data is in the interest of company productivity and development, such as recruitment, and the communication with existing and potential clients and partners. The lawful bases on which we process personal data are consent, contract and legitimate interests. The relevant excerpts from the General Data Protection Regulation, upon which we rely, are:
- (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
Purposes of Processing
We use information held about you in the following ways:
- For business related communications
- To inform you of our products or services through social media
- For authentication when logging into our websites and to communicate the provision of the service
- With legitimate interest to understand the product or service needs of our current and future customers
- To consider your application in respect of a role for which you have applied.
- To consider your application in respect of other roles.
- To communicate with you in respect of the recruitment process.
- To find appropriate candidates to fill our job openings.
We use your information only for the purpose of our business or the entities or services that we own or manage. We do not disclose your information to unrelated third parties.
We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to view it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.
Where we store your personal data
We store your personal data in our business systems.
We will not intentionally transfer your personal data outside of the United Kingdom, EEA or to any organisation governed by public international law. However, the data that we collect from you and process may be stored at a destination (e.g., a cloud IT service provider) outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for our providers, and such staff may be engaged in the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or telephone: 0303 123 1113.
In our projects, products or services, we may need to store sensitive data including clinical, genetic and other scientific data of patients, individuals. We use this data with the highest possible security at various impact levels (US NIST P 800-63-2) in order to be compliant with various regulations.
Our use of products, providers and services may follow one or more of the standards and certifications including but not limited to US NIST P 800-63-2, ISO27001, US HIPAA, Protected Health Information, UK National Health Services’ Information Governance guidelines.
Cambridgene Limited is an organisational member of the Global Alliance for Genomics and Health (GA4GH) and has adopted Data Protection Policy, Guidelines and Practices that are based on the GA4GH toolkits for regulations, ethics, and data security protecting personal, genomic and clinical data. Further information is available from the Links sections.
Our websites, products and services are managed in cloud-based information technology services. We also use external service providers (eg, Google, Amazon and Microsoft) for the provision of our services who may use analytics to record personal information. In such cases, we have taken reasonable measures to ensure that the information is used only for the sole purpose of providing our business services.
Legal basis and legitimate interest
When we collect and use your personal information, we will make sure this is only done accordance with at least one of the legal grounds available to us under Data Protection law.
- One of these is where we have obtained your specific consent to use your information for a previously notified purpose, such as to send you email/text marketing or to provide you with a service or information at your request.
- Another is where we have a legal obligation to use or disclose information about you – for instance, where we are ordered by a court or regulatory authority or we are legally required to hold donor transaction details for Gift Aid or accounting/tax purposes.
- In certain instances, we may collect and use personal information (usually provided in a business context) where this is necessary in our legitimate interest, this includes being able to:
- Conduct our business
- Provision of our products and services
In all cases, we will balance our legitimate interests against your rights as an individual and make sure we only use personal information in a way or for a purpose that you would reasonably expect in accordance with this Policy and that does not intrude on your privacy or previously expressed preferences.
Where we process sensitive personal data (as mentioned above), we will make sure that we only do so in accordance with one of the additional lawful grounds for processing such as where we have your explicit consent, or you have made that information manifestly public. We will take all reasonable measures to notify you of the intended purposes as defined in this section.
Who we share your data with
We share data with third-party service providers (e.g. IT service providers), cloud-based services (e.g. Zoho CRM, Zoho Mail, Asana, FreeAgent, Google and Amazon servers), Banks, payment processors, and sometimes, contractors and other supporters, but these may be done in an aggregated or anonymised way whenever we find the data to be suitable.
How long we retain your data
If you share your personal information through one of the means as described in this document (refer to the How we store your information), the data may be retained indefinitely. This is so we can recognise and approve any follow-up automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information that they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
How we protect your data
We take your privacy seriously so within the confines of a small company and the resources that we have available, we will do our utmost to keep your data safe. We have updated our internal procedures, password protected any data carrying equipment that may leave the office, improved the security of the office, instituted data protection training to our small staff team, and reviewed all the data we hold and deleted any we considered unnecessary for us to hold.
Inappropriate website or other content
If you post or send any content that we believe to be inappropriate, offensive or in breach of any laws, such as defamatory content on our websites or social media pages, we may use your personal information to inform relevant third parties such as your internet provider or law enforcement agencies.
It is always your choice as to whether you want to receive information about our work, products or services. If you do not want us to use your personal information in these ways, please indicate your preferences by sending an email to firstname.lastname@example.org. We will not use your personal information for marketing purposes if you have indicated that you do not wish to be contacted by us for such purposes. However, we may retain your details on a suppression list to help ensure that we do not inadvertently contact you.