We are a “data controller” for the purposes of the Data Protection Act 2018 and the EU General Data Protection Regulation 2016/679 (GDPR) and any successor legislation to the GDPR or the Data Protection Act 2018 ("Data Protection Law").
This means that we are responsible for, and control the processing of, your personal information.
We are committed to protecting your privacy. This policy is designed to ensure your personal details are protected when you register as a member by completing registration form, when you subscribe to newsletters, request information from us using the form provided for that purpose and every time you e-mail us your details.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered as personal information under Data Protection Law - as this data does not directly or indirectly reveal your identity.
We may also collect Aggregated Data (so that no individuals are identified) for marketing and strategic development purposes.
3.1 We use different methods to collect data from and about you including: When you interact with us directly, you may give us your Identity Data by filling in forms or by corresponding with us by post, phone and email or otherwise.
3.2 We will only use your personal information lawfully and in accordance with the Data Protection Law. We will mainly use your personal information in the following circumstances:
3.3 We have set out in a table below a description of all the ways we plan to use your personal information and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
3.4 Whenever we process your personal information under the ‘legitimate interest' lawful basis, we make sure that we take into account your rights and interests and will not process your personal information if we feel that there is an imbalance.
3.5 We may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your data.
Purpose / Activity
Type of data
Lawful basis for processing
To manage our relationship with you which will include:
(b) Responding to your requests
(c) Asking you to provide feedback
(d) Communicating with you
(e) Servicing your account
(f) providing you with products, services or information you may request
(a) Perform our contract with you (if any)
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services)
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
Necessary for our legitimate interests (to study how browsers and customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, extranet, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about our services that may be of interest to you
Necessary for our legitimate interests (to develop our services and grow our business)
3.6 You may opt-out of receiving communications from us and opt-in and opt-out of receiving communications from our distributors and any other third parties. If you have subscribed to our service and wish to stop receiving information about our products and/or services by sending us an email at email@example.com.
If you wish to stop receiving communications from any of our distributors, or other third parties you must communicate with them directly.
4.1 We may share your data (including your personal information) with our trusted partners and suppliers who work with us or on our behalf. This may include third parties who help us create and send information to you, manage our website and store and back up of data securely. Processing of such data is always carried out under our instruction. We make sure that our partners and suppliers always store any data including personal information securely, delete it when no longer needed and never use it for any other purposes.
4.2 We enter into contracts with these partners and suppliers that require them to comply with the Data Protection Law and ensure that they have appropriate control measures in place in order to secure your information.
4.3 We will never sell your personal information to any other third party organisations so that they can contact you for marketing activities. Nor do we sell any information about your web browsing activity.
4.4 We may disclose your personal information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority); or, in order to enforce our terms and other agreements.
5.1 We may share your personal information within the Stago Group which means any entities affiliated to Diagnostica Stago S.A.S with head office located at 3 allée Théresa - 92600 - Asnières sur Seine - France (for clarity any entity which is under common ownership with Stago). This may involve transferring your data (including personal information) outside the European Economic Area (EEA). If we do this, we will ensure your personal information is protected by requiring all companies in the Stago Group to follow the same rules when processing your personal information.
5.2 We may also transfer your data to our suppliers who are based outside the EEA. Whenever we transfer your personal information out of the EEA, we make sure your data (including your personal information) is protected in a manner which is consistent with how we protect it in at least one of the following ways:
6.1 We take all reasonable steps to keep data you provide (including your personal information) secure and confidential from unauthorized access, misuse or loss.
6.2 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
6.3 We have put in place control procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The personal information collected at the time of your connection to the website may arise in particular from the recording of your IP address, requests for information via the form provided for that purpose, or any other information that you communicate on the website. These personal information shall be used solely for the purposes for which they were sent and collected, unless specified otherwise at the time such personal data are collected. These personal data will be used by us only.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We hereby inform you that by connecting to our website, your personal information may be collected, conserved and used by us - in accordance with Data Protection Law - you have a right of access to and modification, correction and deletion of your personal information. To exercise this right, please contact the Data Protection Officer of the Stago Group at the following address: firstname.lastname@example.org.
By using our website, you expressly consent to the collection and use of your personal information by us.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Last update 24 July 2018