On 25th May 2018 the European Union’s General Data Protection Regulation (GDPR) EU/2016/679 came into effect and replaced all existing UK and EU data protection law. The GDPR is enforced in the UK by the Information Commissioner’s Office (ICO). It will continue in force after the UK leaves the EU.
The GDPR is concerned with the collection, processing and security of Personal Data and it gives individuals rights to know what data is held, how it is held, why it is held and to request that it be amended, transferred or destroyed or that the processing of it be restricted.
Personal Data is any information about you which used alone, or combined with other information, would enable someone to identify you.
Microarray recognises its obligation to comply with GDPR and will ensure that Personal Data:-
Microarray is registered with the ICO as the Data Controller under reference number ZA314698.
Why we need to process your Personal Data
Microarray has to have a reason/reasons for processing your Personal Data - in GDPR this is called a Lawful Basis. Microarray has identified its Lawful Bases as follows:-
You have provided us with clear given consent for us to process your personal data for a specific purpose.
We need your Personal Data to enable us to carry out the work that we have agreed to do for you.
Legitimate Interest Basis
There will be occasions on which we need Personal Data from someone with whom we do not have a contractual agreement in which case we will be using that Personal Data on the basis that such processing is necessary for our legitimate interests or the legitimate interests of the business partner or customer.
Legal Obligation Basis
We also need Personal Data to fulfil our statutory and regulatory requirements.
Special Category Data
The GDPR also lists special types of Personal Data that requires special treatment – these are called Special Category Data, and include information revealing racial or ethnic origin, trade union membership, genetic data/biometric data or data concerning health.
According to the GDPR legislation and on the rare occasions that Microarray has to process Special Category Data, then as well as satisfying one of the lawful bases above, Microarray will notify you of our need to process this data type and it will also ensure this data is only processed if you have given explicit consent.
If you choose not to provide Personal Data, including on the rare occasions that which is defined as Special Category Data, when requested to do so, we will have to consider whether we can work together.
How we will process your personal data
Microarray will only process Personal Data, in accordance with applicable law, for purposes such as:
Your Personal Data is held in electronic form and hard copy.
*Microarray undertakes very little marketing and rarely contacts individuals to advertise services. If and when it does, it does so in ways that are proportionate and have minimal privacy impact.
The types of Personal Data that we process
Microarray process some or all of the following for business partners or customers and for others in respect of whom such Personal Data is required to enable us to carry out the required work for business partners or customers such as:
If required to enable us to carry out our contractual or legal obligations or for our or your legitimate interests, we will also collect information relating to Special Category Data, having received your prior consent to do so.
Microarray may also pass your personal data in the good faith belief that such action is necessary to satisfy our contractual or legal obligations (e.g. to protect and defend the rights or property of or to protect against legal liability/ investigate possible wrongdoing in connection with a service ) or for our or your legitimate interests, we may from time to time pass Personal Data to third parties or other bodies to whom we are obliged by law (or in response to valid requests by public authorities e.g. a court or a government agency) to pass Personal Data (subject always to any overriding rights of business partners or customers confidentiality).
We may share your personal information with other third parties to enable normal business operations. If Microarray is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. In this situation we will, so far as possible, only share anonymised data with the other party before the transaction completes. Once the transaction is completed, we will share your personal data with the other party if, and to the extent required, under the terms of the transaction.
Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the data is used in a manner consistent with this notice and that the security and confidentiality of the data is maintained.
We will keep your Personal Data for the length of your contract/agreement or time working with us plus an additional 6 years after the end date. Data will only be retained as long as it is needed for business purposes. Once it no longer has any business purpose or value it will be securely disposed of as described within the Microarray Data Retention and Disposal Policy (2018).
We take all reasonable precautions to prevent the loss, misuse or alteration of the Personal Data that you give us. Personal Data is held securely in an electronic format (if possible, and where appropriate, with pseudonymisation and encryption), only on fully updated company computer systems, with secure servers. Access to this information will be limited to specified employees.
Please note that for ease of use and compatibility, communications will not be sent in an encrypted form unless you require it and provide the information to enable us to communicate with you in that way. E-mail unless encrypted is not a fully secure means of communication, therefore please be aware of providing Personal Data by e-mail.
The GDPR gives you a number of rights and Microarray will comply so far as it is able, with any requests that you make in this respect.
You have the right to have your Personal Data erased if:-
Our website – www.microarray.co.uk – uses one cookie – functioning as an analytical tool (this allows us to recognise and count the number of visitors to our site and to determine whether they’re humans and not spam bots.). A cookie is a small text file that is downloaded onto a computer or smartphone when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences. Cookies are not enabled on our website unless you give express consent (a banner appears on the web page) and therefore unless you consent, the cookies will remain disabled. You therefore have control over whether they are to function or not. If you’d like to reproduce, store or retransmit any part of the website you’ll need our approval.
If you have a complaint, we would very much hope that you would first raise it with us as we would welcome the opportunity to sort it out, however if we cannot do so or if you wish to raise the matter direct with the ICO, the contact details are set out below.
For queries about the content of this Privacy Information Notice or for further information or to make a request, please contact our Data Protection Officer Stuart Collyer:
If you wish to contact the ICO, the details are as follows:
(updated June 2020)
About our company and how we are regulated
own this website. We’re a company registered in England and Wales under Company Number 3734472.
Our Registered Office is: Colworth Science Park, Sharnbrook, Bedfordshire, MK44 1LQ, UK