Ellison Oxford Limited Privacy Notice for visitors to Pathogena Website

Welcome to the EIT-Pathogena privacy notice, which informs you as to how we collect and look after personal data of visitors to our website at www.eit-pathogena.com (regardless of where you visit it from). It also tells you about your privacy rights and how the law protects you.

This notice applies to visitors to the website, and we have separate notices applicable to authorised users of our Pathogena web portal.

1. Important information and who we are

Purpose of this privacy policy

This privacy policy gives information on how we collect and processes personal data of visitors to our website.

This website is not intended for children and we do not knowingly collect data relating to children.

Controller

“We” refers to Ellison Oxford Limited, Company Number 1377507, whose registered office is at Three, Bunhill Row, London EC1Y 8YZ, who is the controller and responsible for personal data governed by this privacy notice.

Our Director, Legal is responsible for overseeing questions in relation to the privacy notice. If you have any questions about the privacy notice, please contact Director, Legal at Three, Bunhill Row, London, England, EC1Y 8YZ.

Changes to the privacy notice

We keep our privacy notices under review. This version was updated on 13 August 2024. It is important that personal data we hold is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of your destination website.

2. The data we collect about you

Personal data refers to any information about an individual from which that individual can be identified. It does not include information where the identity has been permanently removed but may include information which is processed by a reference number to partially anonymise the records (pseudo-anonymised data).

We may collect, use, store and transfer different kinds of personal data which we have grouped together

  • Identity Data includes first name, last name, username or similar identifier, title (if you sign up for marketing)
  • Contact Data includes email address and telephone numbers (if you sign up for marketing)
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Communications Data includes any communication preferences that you share with us.

Where possible we use anonymised statistical or demographic data in an aggregated form, so that it is not possible to directly or indirectly reveal the identity of any individual. For example, we may aggregate usage data to calculate the percentage of users accessing a specific website feature.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data: this may impact on our ability to provide some services or information on the website.

3. How is your personal data collected?

Direct interactions

this includes personal data you supply when you complete forms online or correspond with us by post or email. This will include subscriptions, request information, respond to surveys or provide feedback.

Automated technologies or interactions

As you interact with our website, we will automatically collect data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies, server logs and other similar technologies.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our website terms and conditions.

Provided by third parties

we may receive information from an institution that you work with or for which may be connected to online users, but usually only where you have a registered account with us.

4. How we use your personal data

  • We have a lawful basis to collect and process personal data in connection with a contract with you to, or to take steps to enter or perform the contract.

  • Where you have given us express or implied permission to contact you to respond to a specific enquiry or complaint

  • We will use data where we have a legal obligation to do so, or to protect or defend our legal rights

  • We have a lawful basis to rely on our legitimate interest to use data to manage, monitor, maintain and improve our services, support the development of and opportunities to analyse data within the platform to improve the user experience, to support and inform the internal business development of EIT and its associated entities and develop the pathogena project, to monitor and prevent fraud. Where we rely on our legitimate interests, we take reasonable steps to balance the rights of individuals and ensure that our use is reasonable and proportional.

  • We may share information with other EIT connected entities, or as part of a restructuring of our business activities.

  • We may use data to form a view of what we believe will be of interest to you, and where you have given consent, we may send marketing information about our services and programmes. You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

5. How we protect your personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed; these measures include encryption, firewalls, access control, and backup systems. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We work with leading third party suppliers of IT systems to support those technical measures, but they are not able to use this data for their own business purposes.

However, no method of transmission or storage is completely secure, and we cannot guarantee the absolute security of your personal data. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

International Transfers

Our connected entities and external third parties may be based outside the UK, so processing of personal data collected about visitors to our website may involve transfers of data outside the UK. At present the data is hosted in the UK, but the website is available globally, and visitors who are based in other countries will be transferring data into the UK.

We may transfer data to countries that are deemed to provide adequate protection for personal data and we will ensure that we have specific contracts to give that protection, where appropriate in accordance with the law.

6. Data retention: how long do we use your personal data

We keep your personal data for as long as necessary to fulfil the purposes for which we collected it, or as required by law.

7. Who we share information with

Information about visitors may be shared within the Ellison group to support the work that we are doing at Ellison Oxford Limited, and the Pathogena project. Where practical, visitor information is shared in anonymised aggregated form to protect individual privacy.

Information may be shared with local or overseas professional advisors, regulators, authorities, courts or agency where necessary to comply with our legal obligations or protect or defend our rights.

If we choose to sell, transfer, merge or restructure our business or assets that may include assets that incorporate personal data. Any such use of the data will continue on the same basis as set out in this privacy notice unless otherwise communicated.

Information including personal data may be collected by and/or share with third parties who provide support services, including but not limited to:

  • Microsoft: Provide communications platforms for support emails with users.

  • Mailchimp: Provide marketing and newsletter support.

  • Insightly: Securely holds user information.

8. What rights you have over your personal data

Under certain circumstances, you have rights under data protection laws in relation to your personal data, as set out below. These rights are not absolute, and may be subject to applicable laws and conditions:

  • The right to know what personal data we are processing about you and obtain a copy of it.

  • The right to rectify the personal data we are processing if it is inaccurate or incomplete.

  • The right to erase personal data if you no longer want us to use it.

  • The right to restrict the processing of your personal data in certain circumstances.

  • The right to object to the processing of your personal data for direct marketing purposes or for other legitimate interests.

  • The right to withdraw your consent to the processing of your personal data at any time, where we ask you to give us your consent.

  • The right to data portability in relation to some services.

  • The right to lodge a complaint with a supervisory authority if you are unhappy with how we handle your personal data.

9. How to contact us

If you have any questions about the privacy notice or requests about your personal data, or if you want to exercise your rights, please contact Director, Legal at Three, Bunhill Row, London, England, EC1Y 8YZ.

If you are unhappy with the way that we have handled our personal data obligations, please contact us. If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to your supervisory authority. For UK users, the Supervisory Authority is the ICO – who can be contacted via: Helpline number: 0303 123 1113; or Website: https://www.ico.org.uk/make-a-complaint