Privacy Policy

1. Introduction

1.1. Astrea Bioseparations Ltd., as data controller, is responsible for the processing of your personal data obtained through our website, www.astreabioseparations.com (the “Website”) or otherwise provided by or about you in the course of our business. Our Website is owned and operated by Astrea Bioseparations (“Astrea”) for your personal and non-commercial use and information. When referring to “Astrea”, “we” or “us” in this Policy, it refers to Astrea.

Please carefully read this Policy. This Policy outlines our practices to ensure that we provide adequate level of protection to your personal data and it explains:

  • what personal data we collect about you when visiting our Website or otherwise in in the course of your engagement with us;
  • for what purpose we collect your personal data and how we use it,
  • who it is disclosed to and how long we keep it;
  • your legal rights in respect of your personal data that we collect, including how to access and update the information we hold about you.

1.2. By using our Website and/or by providing us with your personal data, you are agreeing to the terms of this Privacy Policy (the “Policy”). Please also refer to Section 2 of this policy to find out what personal data we collect about you, the purpose why we collect it, who it is transferred to, how long we keep it and the reasonable steps taken to protect your personal data. These Policies also describe your rights in respect of the personal data we collect about you.

Click to go back to menu

2. What personal data we collect about you and for what purpose

2.1 The reasons and methods for collecting, using and transferring your personal data varies depending on why and how you use our services. Please select the relevant category from the below list to see more specific information regarding how we process your personal data in connection with the services you receive from us. Are you:

  1. One of our service providers?
  2. Applying for a job with us?
  3. A visitor to one of our offices?
  4. One of our customers?

2.2 Regardless of how you engage our services, we will generally process personal data about you in the below circumstances:

  • If you are visiting our Website (including as a customer or job applicant): We may collect and process data about your use of our Website and services (“usage data”), for Website analytics, such as your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. We will not store or use this information except as required for system administration of our web server . Our legal basis for doing this is legitimate interests (system administration, market research and improving our business offering, and to protect the security and integrity of our Website).
  • For marketing purposes (but only where you have given your consent for us to do so): We may collect and process personal information that you provide to us when subscribing to our emails, or raising enquiries regarding our goods and services (“enquiry data”) for the purpose of subscribing to our email notifications, marketing materials, webinars and/or newsletters (“notification data”). The notification data may be processed for the purposes of sending you the relevant notifications, webinar information, marketing materials and/or newsletters. Our legal basis for doing this is your consent, you give at the time of submitting your relevant personal data, which you may withdraw at any time.
  • For responding to enquiries and communications you make with us: We may collect and process information contained in or relating to any communication or enquiries that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be collected and processed for the purposes of communicating with you and any other parties necessary for that communication (e.g. other parties cc-ed into the correspondence) and record- keeping for the proper administration of our Website and for business operations. Our legal basis for doing this is for performance of a contract with you or taking pre-contractual steps at your request.
  • For our legitimate business purposes: We may collect and process any of your personal data where we believe in good faith is reasonably necessary for our business purposes, including:
    • to negotiate and enter into commercial or corporate transactions;
    • for audits, monitoring and prevention of infringement or other misuse of our products, services and/or other intellectual property rights;
    • for the establishment, exercise or defence of legal claims and enforce our legal rights, whether in court proceedings or in an administrative or out-of-court procedure or as part of any criminal or other legal investigation;
    • to manage risks or obtain professional advice;
    • operating and ensuring the security of our Website and Services and maintain back-ups of our databases; and
    • to obtain or maintain insurance coverage.

The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others, and the proper protection of our business against risks.

Click to go back to menu

 

3. Disclosing your personal data to others

3.1 When we share data with these third parties, we put contractual arrangements and security mechanisms in place as appropriate to protect your personal data.

3.2 We may disclose your personal data to any member of our group of companies (this means to Astrea Bioseparations Ltd and all of its affiliates worldwide) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

3.3 We may disclose your personal data to third parties who act on our behalf, for further processing, such as our insurers, , service providers, and/or professional advisers for further processing in accordance with the purpose for which the data was originally collected or insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, obtaining technical support, , to protect your safety or the safety of others, ensure our Website integrity and security or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure or in connection with a criminal or other legal investigation.

3.4 We may share usage data that is collected/transferred to third party sites including Google Analytics, Pardot and Uberflip. We use your usage data to monitor and improve our Website and services. The legal basis for this processing is monitoring and improving our Website and services.

3.5 Financial transactions relating to our Website and services are handled by our payment services providers, WorldPay and PayPal. We will share account data and transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at:

https://www.worldpay.com/uk/privacy-policy, https://www.paypal.com/en/webapps/mpp/ua/privacy-full

3.6 We may disclose your enquiry data to one or more of those selected third-party suppliers of goods and services identified on our website for the purpose of enabling them to contact you so that they can offer, market and sell you relevant goods and/or services. Each such third party will act as a data controller in relation to the enquiry data that we supply to it; and upon contacting you, each such third party should supply to you a copy of its own privacy policy, which should govern that third party’s use of your personal data. The legal basis for this processing is your consent, which you may withdraw at any time.

3.7 In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data where we believe in good faith that such disclosure is reasonably necessary for compliance with a legal obligation to which we are subject, or in order to protect your legal interests or the legal interests of another person. We may disclose your personal data to a third party in the event that our business, or a part of our business, is sold, assigned or transferred, in which case we will require such third party to process your personal data in compliance with this Privacy Policy. We may also disclose your personal data where such disclosure is necessary pursuant to applicable law or regulations, requests from governmental authorities, for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure or in connection with a criminal or other legal investigation.

Click to go back to menu

 

4. International transfers of your personal data for individuals residing in the EEA or UK

4.1 In this Section 4, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA), and the UK.

4.2  We have offices in the USA, Canada and the Isle of Man and many of the external parties we work with to provide our services are based outside of the EEA and UK. Although the hosting facilities for our website are situated in London, UK  your personal data may be transferred to another country with different data protection laws.

4.3 Transfers any recipients outside of the EEA (including to Astrea’s affiliates) will be protected by appropriate safeguards, namely:

  • Ensuring recipients reside in countries benefitting from an “adequacy decision” by the European Commission, namely Canada and the US (in instances where the recipients have been certified under the Privacy Shield Framework); or
  • By entering into EU Commission approved standard contractual clauses with the relevant recipients.

Information stored for backup purposes will be stored securely. You can obtain further information about how we manage any transfers of your personal data abroad, including the safeguards in place for your international transfers of personal data by contacting us (see “Contact Us” Section 12) and the Privacy Shield scheme at www.privacyshield.gov.

Click to go back to menu

5. Retaining your personal data

The following section only applies if you are based in the EEA or in the UK.

5.1 We will only retain your personal data for as long as is necessary to fulfil that purpose or those purposes for which it was collected or for as long as such retention is necessary for compliance with a legal obligation or a legal basis to protect our interest to which we are subject, or in order to protect your interests or the interests of another natural person.

5.2 If you require further information around retention periods in relation to your personal data, please contact [email protected].

Click to go back to menu

 

6. Amendments

6.1 We may update this policy from time to time by publishing a new version on our website.

6.2 You should check this page regularly to ensure you are happy with any changes to this policy.

6.3 We may contact the data subject with details of change where appropriate by email or otherwise.

Click to go back to menu

 

7. Your rights

The following section only applies if you are based in the EEA or in the UK.

7.1 Under certain circumstances, you have rights under the General Data Protection Regulation in relation to the personal data we hold about you. You can request to:

  • access the personal data information we hold about you. Please note that we reserve the right to request for proof of your ID to process your request, and to charge you a reasonable administrative fee for any repetitive, manifestly unfounded or excessive requests. If we refuse your request to exercise this right, we will give reasons for our refusal and allow you to challenge our decision.
  • rectify any incorrect or incomplete personal data we hold about you. It is both in our interest and yours that any personal information we hold about you is accurate, complete and current.
  • delete, restrict or remove the personal data we hold about you.
  • transfer the personal data we hold about you to another party.
  • object to any further processing of your personal data.

You can make all such requests via emailing our Data Protection Committee [email protected].

Please note that in respect of all these rights we reserve the right to refuse your request based on the exemptions set out in the applicable data protection laws.

In most cases no fee will be charged. However, if a request is manifestly unfounded or excessive a fee may be charged for the administrative costs of complying with the request. Such fee will be based on the administrative costs of providing further copies.

If you have any concerns about how we process your personal data, please contact us at [email protected]. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with our main supervisory authority in the EU, the Information Commissioner’s Office (ICO) in the UK. Please see the ICO’s website for further details, www.ico.org.uk.

Click to go back to menu

8. Third party websites

8.1 Our website includes hyperlinks to, and details of, third party websites.

8.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.

Click to go back to menu

9. Personal data of children

9.1 Our website is targeted for people over the age of 18. We do not knowingly collect personal data from minors (under 18).

Click to go back to menu

10. Updating information

10.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.

Click to go back to menu

11. Changes to this policy

11.1 We may from time to time review and amend this Privacy Policy to take into account changes in law, technology and our operations. We will post any changes to this Privacy Policy on our Website from time to time and where appropriate, notify you by email. Please periodically review this Privacy Policy before using our Website as continued use of our Website shall indicate your acceptance of any changes. All personal information held by us will be governed by the most recent Privacy Policy posted on our Website.

Click to go back to menu

 

12. Contact us

12.1 If you wish to contact us about this Privacy Policy or wish to exercise your data privacy rights, you can contact us by emailing [email protected].

Click to go back to menu

 

Appendix A

Specific information about your data

Please click the relevant headings below to see more specific information about the personal data that we may collect and process about you, our purposes for collecting this data and our legal grounds for doing so on top of the processing activities listed in section 2 above.  

1. If you are one of our service providers

Information that we may collect or process about you includes the following:

  • Basic business contact information about you, such as your name and contact details
  • Financial information, such as your bank account details for managing transactions and payment of fees

Why do we collect your personal information and on what grounds?

Purpose for processing Legal Basis
Managing our relationship with you Performance of a contract
Verifying your identity and preventing fraud (e.g. KYC and AML checks) Compliance with our legal obligations
Completing any requests you make Performance of a contract
Using your bank details to process any payments Performance of a contract

Click to go back to menu

  1. If you are applying for a job with us

Information that we may we collect and process about you includes the following:

  • Personal information about you, e.g. name, age, gender, title, date of birth, ethnicity, religion, veteran status and disabilities
  • Contact information, e.g. email, phone number, address, postcode
  • Employment history and education, e.g. employer company name, company registration number, company address, job title at company
  • Contractual information, e.g. details about your application, such as your chosen role, employment requirements (e.g. contractual days/hours), date available and desired pay
  • Any personal information contained in your CV or supporting application, e.g. visa requirements, qualifications, details of any disability requiring reasonable adjustment requirements to the recruitment process

Why do we collect and process your personal information and on what grounds?

Purpose for processing Legal Basis
Processing your job application and managing communications with you in respect of the application process Performance of a contract with you (by taking steps at your request prior to entering into a contract)
Storing your details on our database for future suitable job opportunities Our legitimate interests (marketing similar services to those previously requested)
Ensuring appropriate levels of interview and assessment support for candidates requiring reasonable adjustments or special consideration due to specific impairments Compliance with our legal obligations
Keeping records of recruitment track records for internal analytics and research purposes Our legitimate interests (improving our recruitment practices)
To comply with government reporting regulations for example in relation to equal opportunity recruitment Compliance with our legal obligations

Click to go back to menu

  1. If you are a visitor to one of our offices

Information that we may collect and process about you includes the following:

  • CCTV (Close Circuit TeleVision) images, e.g. images of you or your vehicle as you visit our premises
  • Personal information about you as a visitor, e.g. your name and details of whom you are visiting or making a delivery to, job title
  • Company information, e.g. employer company name
  • Identification information, e.g. ID card or similar

Why do we collect your personal information and on what grounds?

Purpose for processing Legal Basis
The prevention, investigation and detection of crime (including sharing images of you to the police or other law enforcement agency) Our legitimate interests (in helping to keep our staff, visitors and our premises free from crime)
To enhance the safety of staff and the public (including sharing images of you to the police or other law enforcement agency) and to ensure the security of our offices and protection of our tangible and intangible assets. Our legitimate interests (in helping to keep our staff, visitors and our premises free from crime)
To identify you and facilitate your visit to our premises Our legitimate interests (in running our business, receiving deliveries and holding meetings at our premises)

Click to go back to menu

  1. If you are one of our customers

Information that we may collect and process about you includes the following:

  • Basic business contact information about you, such as your name and contact details
  • Contractual information, e.g. details about your purchase
  • Financial information, such as your bank account details for managing transactions

We collect this personal data from you when you complete the relevant registration form on our Website or otherwise correspond with us.

Purpose for processing Legal Basis
Sending you marketing emails and contacting you about our business and products which we think may be of interest to you Our legitimate interests (direct marketing to corporate recipients)

Your consent (if you are acting as an individual, sole trader or partnership)

Verifying your identity and preventing fraud (e.g. ID checks) Compliance with our legal obligations
Using your bank details to process any payments and bill you for products and services you request Performance of a contract
Managing our relationship with you (including provision of customer support) Performance of a contract
Providing the products and services you request from us Performance of a contract

Click to go back to menu

Appendix B

Third Parties

Sales Force https://www.salesforce.com/uk/campaign/gdpr/
Pardot https://www.salesforce.com/gdpr/pardot/

https://www.salesforce.com/company/privacy/

Microsoft products: Outlook, Excel, Word https://www.microsoft.com/en-us/TrustCenter/CloudServices/office365/GDPR
Syspro ERP https://eu.syspro.com/product/gdpr/
DHL https://www.logistics.dhl/global-en/home/footer/global-privacy-notice.html
FedEx https://www.fedex.com/en-gb/privacy-policy.html

Updated contracted in shared SecuriSynce file

Royal Mail log books https://www.royalmail.com/privacy-notice
Barclays Bank https://wealth.barclays.com/banking-and-investing-overseas/en_gb/home/others/controlling-your-data.html
Sage https://www.sage.com/en-gb/gdpr/
LeavePlanner https://www.leaveplanner.com/data-processing-agreement/
Wordfence https://www.wordfence.com/privacy-policy/
WorldPay https://www.worldpay.com/uk/worldpay-privacy-notice
PayPal https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
Amazon https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
Uberflip https://www.uberflip.com/gdpr/ – https://www.uberflip.com/legal/data-processing-amendment/
Google https://privacy.google.com/businesses/compliance/#?modal_active=none
Contact Form 7 https://contactform7.com/faq/is-contact-form-7-compliant-with-gdpr/
CDA (Confidential Disclosure Agreements)
MTA (Material Transfer Agreements)

Click to go back to menu