Website: Privacy Information Notice

On 25th May 2018 the European Union’s General Data Protection Regulation (GDPR) EU/2016/679 came into effect and replaced all existing UK and EU data protection law.  The GDPR is enforced in the UK by the Information Commissioner’s Office (ICO).  It will continue in force after the UK leaves the EU.

The GDPR is concerned with the collection, processing and security of Personal Data and it gives individuals rights to know what data is held, how it is held, why it is held and to request that it be amended, transferred or destroyed or that the processing of it be restricted.

Personal Data is any information about you which, used alone or combined with other information, would enable someone to identify you.

Personal Data

Microarray recognises its obligation to comply with GDPR and will ensure that Personal Data:-

Microarray is registered with the ICO as the Data Controller under reference number ZA314698

 

Why we need to process your Personal Data

Microarray has to have a reason/reasons for processing your Personal Data - in GDPR this is called a Lawful Basis.  Microarray has identified its Lawful Bases as follows:-

 

Consent Basis

You have given us clear consent to process your personal data for a specific purpose.

 

Contract Basis

We need your Personal Data to enable us to carry out the work that we have agreed to do for you. 

 

Legitimate Interest Basis

There will be occasions on which we need Personal Data from someone with whom we do not have a contractual agreement in which case we will be using that Personal Data on the basis that such processing is necessary for our legitimate interests or the legitimate interests of the business partner or customer.

 

Legal Obligation Basis

We also need Personal Data to fulfil our statutory and regulatory requirements.

 

Special Category Data

The GDPR also lists special types of Personal Data that require special treatment – these are called Special Category Data, and include information revealing racial or ethnic origin, trade union membership, genetic data/biometric data or data concerning health.

According to the GDPR legislation, on the rare occasions that Microarray has to process Special Category Data, as well as satisfying one of the lawful bases above, Microarray will notify you of our need to process this data type and will also ensure this data is only processed if you have given explicit consent.

If you choose not to provide Personal Data when requested to do so, including, on rare occasions, that which is defined as Special Category Data, we will have to consider whether we can work together.

 

How we will process your personal data

Microarray will only process Personal Data, in accordance with applicable law, for purposes such as:

Your Personal Data is held in electronic form and hard copy.

*Microarray undertakes very little marketing and rarely contacts individuals to advertise services. If and when it does, it does so in ways that are proportionate and have minimal privacy impact.


The types of Personal Data that we process

Microarray processes some or all of the following for business partners or customers and for others in respect of whom such Personal Data is required to enable us to carry out the required work for business partners or customers such as:

If required to enable us to carry out our contractual or legal obligations or for our or your legitimate interests, we will also collect information relating to Special Category Data, having received your prior consent to do so.

Who we pass data to

Microarray may also pass your personal data in the good faith belief that such action is necessary to satisfy our contractual or legal obligations (e.g. to protect and defend the rights or property of or to protect against legal liability/investigate possible wrongdoing in connection with a service) or for our or your legitimate interests. We may from time to time pass Personal Data to third parties or other bodies to whom we are obliged by law (or in response to valid requests by public authorities, e.g. a court or a government agency) to pass Personal Data (subject always to any overriding rights of business partner or customer confidentiality).

We may share your personal information with other third parties to enable normal business operations. If Microarray is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. In this situation we will, so far as possible, only share anonymised data with the other party before the transaction completes. Once the transaction is completed, we will share your personal data with the other party if, and to the extent required, under the terms of the transaction.

Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the data is used in a manner consistent with this notice and that the security and confidentiality of the data are maintained.

Who gives us Personal Data

Business partners or customers may give us the Personal Data of other individuals to enable us to carry out work for the business partners or customers.   We will hold such Personal Data securely but will only contact that individual to give them the information contained in this Privacy Information Notice if we have requested the information directly from them ourselves i.e. we will ask them for their specific consent to do so.

 

International transfers of your Personal Data

We do not transfer your Personal Data to any country outside the EU, unless it is necessary to enable us to fulfil our contractual obligations with you, and in such event, we would ask for your specific consent to transfer such information.

 

How long do we keep your Personal Data?

We will keep your Personal Data for the length of your contract/agreement or time working with us plus an additional 6 years after the end date. Data will only be retained as long as it is needed for business purposes. Once it no longer has any business purpose or value it will be securely disposed of as described within the Microarray Data Retention and Disposal Policy (2018).

 

How do we keep your Personal Data safe?

We take all reasonable precautions to prevent the loss, misuse or alteration of the Personal Data that you give us.  Personal Data is held securely in an electronic format (if possible, and where appropriate, with pseudonymisation and encryption), only on fully updated company computer systems, with secure servers. Access to this information will be limited to specified employees.

Please note that for ease of use and compatibility, communications will not be sent in an encrypted form unless you require it and provide the information to enable us to communicate with you in that way.  E-mail, unless encrypted, is not a fully secure means of communication; please therefore be aware of this when providing Personal Data by e-mail.

Your rights (including your right to object to our processing your Personal Data)

The GDPR gives you a number of rights and Microarray will comply, so far as it is able, with any requests that you make in this respect.

Right of access (sometimes also called a subject access request)

Right of rectification

Right to erasure (sometimes called the right to be forgotten)

You have the right to have your Personal Data erased if:-



Right to restrict processing

Right to data portability

Right to object

You have the right to request us to stop processing your Personal Data if:-



If you wish to make a request in respect of any of these rights, you may contact us by post, e-mail or by telephone.  We may then contact you to confirm the nature of the request and we may possibly ask you for ID to ensure that we do not disclose Personal Data to the wrong person.  We will then comply with your request within one month of receiving it or of receiving further details or ID if required.  We will provide the information in whatever form you require but please note that we cannot give you remote access to our server.   We will not charge a fee unless the request is manifestly unfounded or excessive or if you have previously requested and received the same information.  We will not provide information about your Personal Data if the request comes from a third party unless that third party provides evidence of its authority to make such a request on your behalf.

 

Microarray Website

Our website – www.microarray.co.uk – uses one cookie, functioning as an analytical tool (this allows us to recognise and count the number of visitors to our site and to determine whether they’re humans and not spam bots). A cookie is a small text file that is downloaded onto a computer or smartphone when the user accesses a website.  It allows the website to recognise that user’s device and store some information about the user’s preferences.  Cookies are not enabled on our website unless you give express consent (a banner appears on the web page) and therefore, unless you consent, the cookies will remain disabled.  You therefore have control over whether they are to function or not. If you’d like to reproduce, store or retransmit any part of the website you’ll need our approval.

  

If you wish to lodge a complaint with a supervisory authority

If you have a complaint, we would very much hope that you would first raise it with us as we would welcome the opportunity to sort it out. However, if we cannot do so or if you wish to raise the matter direct with the ICO, the contact details are set out below.

 

Contact details

For queries about the content of this Privacy Information Notice or for further information or to make a request, please contact our Data Protection Officer Stuart Collyer:

 

e-mail

 

telephone

 

website

 

by post

If you wish to contact the ICO, the details are as follows:

telephone

 

website

 

by post

            UK


(updated June 2020)

 

About our company and how we are regulated

own this website. We’re a company registered in England and Wales under Company Number 3734472.

Our Registered Office is: Colworth Science Park, Sharnbrook, Bedfordshire, MK44 1LQ, UK