Privacy Notice

1. Introduction

PeploBio Ltd  (referred to as “We, “Our” or “Us”), is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of our clients and customers that communicate (online or offline) with us. We have therefore developed this privacy notice to inform you of the data we collect, what we do with your information, what we do to keep it secure, as well as the rights and choices you have over your personal information. Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018, GDPR (United Kingdom General Data Protection Regulation) (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation.

Location:
Unit 26, Surrey Technology Centre,
40 Occam Road, Guildford,
Surrey, GU2 7YG

2. Data Processing Principles

PeploBio complies with the governing data protection principles, which states that personal data shall be:

- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.

3. Collection of personal information

The type of information that we may collect on you or that you may voluntarily provide to us includes:

- Background information provided by you or collected by us as part of our recruitment processes.
- Contact information such as your email address, fax and phone number(s), physical addresses etc.
- Technical information such as your IP address, which may be obtained when you visit our website;
- Contact details such as; your name, telephone number, email address, that you provide to us when making an enquiry by post, phone, email, when registering on our online applications or by completing a questionnaire online or offline.
- Personal information provided to us by or on behalf of our clients when making a purchase on our website or activating a test kit purchased from us.
- Personal information submitted to us when activating a test kit purchased from us.
- Any other information relating to you which you may provide to us when using other services or products.

We may, in further dealings with you, extend this information to services used, records of events and agreements.

4. How we use your personal information and the applicable lawful basis

In order to make the Website and Services available to you, or to meet a legal obligation, we may need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Any of the information we collect from you may be used for the following purposes:

- To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about (Performance of a Contract);
- Make available our services to you (Performance of a Contract);
- Take payment from you or give you a refund (Performance of a Contract);
- To power our security measures and services so you can safely access our website (Performance of a Contract);
- Contact you about our services, for which you have previously expressed some interest (Legitimate Interest);
- To share your feedback for business purposes, including marketing and quality assurance (Consent);
- To carry out surveys and help us understand more about you as a customer, the products and services you consume, so we can serve you better (Legitimate Interest);
- Analytics from our website using cookies, in order to improve our contents and website functionality (Legitimate Interest);
- Carry out tests e.g. PCR & Lateral Flow Covid tests, and share test results with the UK Government (Legal Obligation)
- Help answer your questions and solve any issues you have (Performance of a Contract).

5. Our use of cookies

In order to provide you with the best, tailored experience our site will need to place small text files, or ‘cookies’, on your computer.

- Most cookies that we use are ‘session’ cookies and only exist for the time that you are using our site. They perform functional tasks – such as remembering that you are logged in as you move from page to page or to pre-load your personal details into forms to save you time.
- We also track cookies anonymously to fuel our site analytics and learn how to improve your experience and hone the relevance of our products and services.
- PeploBio uses third-party services to help maintain the security and performance of the PeploBio website. To deliver this service it processes the IP addresses of visitors to the PeploBio website, blocking potentially harmful traffic.
- You can manage your cookie preference by using our cooking management tool or modify your browser settings to accept or reject cookies.
- You can learn more about cookies here www.allaboutcookies.org

6. Who we may share your information with

We may share your personal data with other organisations in the following circumstances:

- If the law or a public authority requires us to share the personal data; or
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk).
- We use third party payment processors to assist us in processing your payment information securely. Such third-party processors' use of your Personal Information is governed by their respective privacy policies which may or may not contain privacy protections as protective as this Policy. We suggest that you review their respective privacy policies.
- We may employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it. We use data processors who are third parties who provide elements of services for us. We have Data Processor Agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct.

Your Information may be shared with other companies within our group and with third parties:

- if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our rights.

7. Retention of information

We will retain and use your Personal Information for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.

8. Transfer of information outside the United Kingdom

By the nature of the Internet, the personal data you supply through this website may be sent electronically to servers anywhere in the world. It may be used, stored and processed anywhere in the world, including countries outside the United Kingdom (UK). If PeploBio transfers the data outside the United Kingdom, it will ensure that all reasonable security measures are taken and that any third-party processors will be required to process the data in accordance with PeploBio’s instructions and appropriate safeguards permissible by the UK Government.

9. Data protection rights under GDPR

If you are a resident of the United Kingdom and European Economic Area (EEA), you have certain data protection rights and Peplobio Ltd aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information. If you wish to be informed what Personal Information we hold about you and if you want it to be removed from our systems, please contact us. In certain circumstances, you have the following data protection rights:

- You have the right to request access to your Personal Information that we store and have the ability to access your Personal Information.
- You have the right to request that we correct any Personal Information you believe is inaccurate. You also have the right to request us to complete the Personal Information you believe is incomplete.
- You have the right to request the erasure of your Personal Information under certain conditions of this Notice. Please note that this right is not absolute. Therefore, we may not be required to comply to the request to erasure for the processing of data, where we are required to retain by law.
- You have the right to object to our processing of your Personal Information.
You have the right to seek restrictions on the processing of your Personal Information. When you restrict the processing of your Personal Information, we may store it but will not process it further.
- You have the right to data portability, to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
- You also have the right to withdraw your consent at any time where Peplobio Ltd relied on your consent to process your Personal Information.
- You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, please contact the Information Commissioner’s Office (ICO)

10. How to exercise these rights

Any requests to exercise your rights can be directed to Peplobio Ltd through the contact details provided below. Please note that we may ask you to verify your identity before responding to such requests. Your request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorised representative of such person. You must include sufficient details to allow us to properly understand the request and respond to it. We cannot respond to your request or provide you with Personal Information unless we first verify your identity or authority to make such a request and confirm that the Personal Information relates to you.

11. Privacy of children

We do not knowingly collect any Personal Information directly from children under the age of 18. If you are under the age of 18, please do not submit any Personal Information through the Website and Services. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Website and Services without their permission.

12. Information security

We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and the Website and Services cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.

13. Data breach

In the event we become aware that the security of the Website and Services has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law.

Contacting us

If you would like to contact us to understand more about this Privacy Notice or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to dataprotection@peplobio.co.uk.

This Privacy Notice was last updated on 1 December 2021