Brainomix UK Privacy Statement
Introduction
Brainomix Limited (UK) is both a Controller and Processor for the purposes of the Data Protection Legislation. A “controller” is an entity that controls how and why personal data is processed and a “processor” uses, handles or works with the data under the instruction of the controller, typically one of our clients, such as a hospital.
Brainomix Limited obtains, uses, stores, and otherwise processes personal data relating to current, prospective, and former employees, website users, contacts including customer and hospital clinical and administrative staff contacts as well as contacts relating to business-to-business activities.
In this context Brainomix Limited is a Controller because we determine what data we process, why it is processed, how it is processed and the legal basis for processing.
This Privacy Statement relates to Brainomix Limited as a Controller and explains the types of personal data we may collect about you when you interact with us or when your organisation or employer contracts or is contemplating entering into a contract with us. It also explains how we store and handle that data and keep it safe.
Please note that this Privacy Statement does not apply to job applicants whose personal data we process. You will find a link to a Privacy Statement for job applicants at the end of this Statement.
You will also find a link for more information about the processing activities we engage in, as a processor, on behalf of controllers in a link at the end of this statement.
How we use your personal data
How we use your personal data depends on whether you are a business contact or a visitor to our website. We use your personal data for the following purposes:
- Managing our business, for instance, dealing with our customers' staff and invoicing for our services.
- With your consent, sending you emails about our products and services.
- Computing statistical information about our website users.
Our legal basis
The legal basis for our processing of your personal data are:
Legitimate Interests
We process your personal data when it is necessary for our legitimate interests in running our business, e.g. for (with your permission) marketing, operating our website, and entering into, performing and managing contracts with you, your organisation or employer.
We process your personal data when it is necessary for the legitimate interests of your organisation or employer, e.g. instance in entering into a contract with us or receiving our products and services.
Examples of when we collect your personal data
- When you visit our website.
- When you register on our website.
- When you engage with us on social media.
- When your organisation or employer purchases any of our products and services.
- When you contact us with queries or complaints.
- When you ask for information about our products or services.
- When you complete any surveys we send you.
- When you complete the contact form on our website.
- When you enter into any of our competitions.
- When you enter into a contract with us.
- When you participate in research or clinical studies led by us.
We usually collect your personal data directly from you, but sometimes we obtain your personal data from one of our distributors or customers. Sometimes your organisation or employer may provide your personal data to us.
You are not obliged to provide any personal data to us.
What personal data we collect and use
We collect and use the following kinds of personal data:
- Information about your computer and visits to our website, including but not limited to your IP address, browser type, and operating system.
- Personal data that you provide when registering with us, including your name and email address.
- Personal data that you or your organisation or employer provide for the purposes of communication, including your name, role, email address and telephone numbers.
- Personal data contained in or relating to any communications that you send to us, either through our website or otherwise.
- Personal data we need in order to fulfil a contract with you and meet legal obligations.
- Personal data such as your name, role, organisation and e-mail address in order to manage and process results from research activity including clinical studies.
For users of Brainomix products we may use personal data provided by you or your organization or employer, including your name, e-mail address and phone number for the purposes of collecting non-marketing technical, clinical and usability feedback on our installed products in order to provide support services.
We will not use any personal data for marketing purposes without your explicit consent.
Your rights
Access
You can ask us to confirm whether we hold or use your personal data. If we do, you can ask for a copy of it.
Correction
You can have incomplete or inaccurate personal data corrected. We may need to check the accuracy of any new data you provide.
Erasure (the right to be forgotten)
You can ask for your personal data to be deleted if there is no good reason to continue using it.
You can also ask for your personal data to be deleted if:
- you have objected to its use (see below);
- it is being used illegally; or
- it must be deleted to comply with the law.
Restriction
You can ask for the use of your personal data to be suspended in the following circumstances:
if you want the data's accuracy to be established;
if the use of your personal data is illegal, but you do not want it deleted;
if you need the data to be held in connection with a legal claim, but we do not need it; or
you have objected to the use of your personal data but we need to check whether it has overriding legitimate reasons to use it.
Object
If the legal basis for our using your personal data is legitimate interests, and you think that affects your rights, you can object to the use of your personal data.
In some cases, we may have compelling legitimate grounds to use your personal data and those grounds may override your rights.
Object to direct marketing
You can object if we use your personal data for direct marketing purposes.
Withdraw consent
If you have given consent to the processing of your personal data, you can withdraw that consent at any time.
If you withdraw consent, that will not affect the earlier use of your data with your consent.
Transfer of data (data portability)
If you provided your personal data and:
- you consented to its use; or
- it was used to perform a contract with you, and
- it is processed electronically,
you can ask that your personal data be sent to you or to someone else.
Disclosing your personal data
We may disclose your personal data to:
- Someone who wants to buy or buys our company or business.
- If our business assets are sold, personal data will be one of the assets transferred to the buyer.
- Any business we merge with.
- Any company or business we buy.
- Anyone we use to process personal data for us (a ‘processor’), such as the provider of our IT systems. That person will be obliged to:
- use personal data only for our purposes;
- process it only on our instructions; and
- have appropriate security and technical measures in place to protect the data.
- Our professional advisers. They are obliged to keep it confidential.
- To the police and other law enforcement agencies.
- Anyone else if the law means that we must disclose data to them.
- Anyone else to protect our rights and property or to protect the rights or property of someone else.
Transfers of personal data outside the UK and EEA
We do not intend to transfer personal data outside the UK and European Economic Area, but if we change our mind about that we will let you know (by posting a notice on our website or sending you an email):
- details of the intended transfer; and
- whether the country is considered to have adequate protection for personal data; or
- about the steps we take to protect the data.
Our staff may access personal data when they are outside the UK (e.g. EEA), but the same safeguards apply as if our staff were accessing personal data from within the UK.
How long we keep your personal data
We retain your personal data only for as long as is necessary for the purpose for which we collected it.
We retain personal data used for marketing purposes for more than 18 months from when we collected it. If you ask us to stop sending you marketing, we will keep your name and email address and mark them so that they are no longer used for marketing.
- Personal data relating to visitors to our website is retained for 7 years.
- Personal data relating to contacts at our customers is retained for 7 years.
- Personal data relating to other business contacts is retained for 7 years.
At the end of the retention period personal data is either securely deleted or anonymised, except any personal data that we need to retain to show that we have complied with data protection law, or unless the law requires us to keep it for longer, or we need it to exercise our legal rights.
If we anonymise your personal data, it will no longer be personal data and we may keep and use it for longer.
How we protect your personal data
The security of your personal data is important to us. We have appropriate technical and organisational measures to prevent the accidental loss, misuse, unauthorised access to or unauthorised alteration or disclosure of your personal data.
Access to your personal data is given only to those who have a need to know and are subject to a duty of confidence, via authenticated access only, controlled by our technical administrative staff
All personal data is encrypted at rest and in flight.
We cannot guarantee the security of all data sent over the internet, unless the transport protocols are of a secure nature (encrypted in flight).
Other websites
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow someone else to collect or share data about you.
We do not control other people's websites and we are not responsible for their privacy policies or their or privacy notices/statements.
This Privacy Statement does not apply to any website operated by anyone else. If you visit a website operated by someone else, please read its Privacy Notice (or privacy policy or statement) to find out how it uses your personal data.
Cookies
Our website uses persistent cookies from Google Analytics to collect statistics on site visitors. These track your visit, and are used to allow us to improve our website based on how users use it.
Our website uses persistent cookies from Twitter to enable viewing of the Twitter timeline.
Except for essential cookies, we set cookies only if you have agreed to allow that cookie. If you do not want to allow a cookie, some website functionality may suffer.
If you have allowed a cookie, you may change your preference by selecting the “Cookie preferences” button in the bottom right of the website and adjusting your selection appropriately.
You may delete it at any time through your browser, typically on the browser's privacy or security options page.
Brainomix's details
This website is owned and operated by Brainomix Limited.
Brainomix Limited is the controller of your personal data. Brainomix Limited is a company registered in England and Wales with the registration number 07426406.
Our registered office is at:
Brainomix Limited,
First Floor, Seacourt Tower
West Way
Oxford OX2 0JJ
We are registered with the UK Information Commissioner's office with the reference ZA053494.
If you wish to exercise any of your rights or if you have any concerns or complaints about the use of your personal information, please contact our data protection officer at: dpo@brainomix.com
Complaints to the Information Commissioner's Office
You always have the right to lodge a complaint with the Information Commissioners Office about how we handle your personal data, but please contact us first to see if we can resolve your issue.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Changes to this Privacy Statement
This Privacy Statement was last updated on 24th February 2021.
If we change how we use your personal data, we will let you know, either by posting a notice on our website or sending you an email.
If you don't agree to the changes, you can stop using our services and stop giving us personal data and, if you are registered with us, cancel your registration.
Job applicant privacy notice
Click here to review our job applicant privacy notice.
Information on processing patient data for hospitals
Please click here to learn more about how Brainomix processes patient and other data.