Privacy Policy

D2i-Vantage Ltd (“D2i”) recognises that privacy is important when communicating with customers, suppliers and other third parties.This notice explains how we collect, store, use and share personal data as governed by the EU General Data Protection Regulation (GDPR).

GDPR aims to prevent security breaches and the loss of personal data by any organisation that holds or processes data. It is addressed to individuals outside our company with whom we interact.

Introduction

Under GDPR D2i-Vantage Ltd is the Data Controller.We are a specialist provider of scientific data analysis software for processing laboratory measurement data.

What personal data do we collect?

The type and categories of personal data which we may collect include:

  • Personal details: Name, address, account settings, email signature, etc.

  • Contact details: Telephone number, email address, company name, etc.

  • Device details: Device type, operating system, browser details, IP address, dates/times of connection to the site, and other technical communications information

  • Payment details: Billing address, bank details, account-holder details, credit ratings, VAT number or equivalent, etc.

  • Usage details: Registration details, details of content with which you interact, downloads, page views etc.

  • Analytics: Location (through IP address), behaviour (based on cookies), etc. (for further information see below, under 'Cookies and similar technologies').

D2i will ensure that the personal data it collects will be adequate, relevant and not excessive for the purposes required. It will be kept accurate and up-to-date based on information provided, and to the best of our ability thereafter.

Sensitive personal information

D2i does not knowingly collect sensitive personal information (as defined under GDPR) from customers, suppliers or third parties, and you must not submit such information to us. Sensitive information inadvertently submitted to us will be processed so far as is necessary for the purposes of deleting it.

Children’s data

We do not intend to process personal data from any data subject under the age of 18, and we do not knowingly collect such data. If any such data comes to our attention we will delete it.

How do we collect your data?

Examples of sources from which we may collect your Personal Data include the following:

  • When you provide it to us, e.g. where you contact us via email, telephone, web chat or by any other means. We do not record phone calls.

  • In the ordinary course of our relationship with you, e.g. in the course of fulfilling supply of goods and services, whether for a fee or not.

  • When you manifestly choose to make the data public by completing contact forms, including information collected via the website.

  • From third parties who provide it to us (see below, 'Data received from third parties').

  • When you visit our site or use any features or resources available on or through our site, your browser will automatically disclose certain information, some of which may constitute personal data (see below, 'Cookies and similar technologies').

  • We may also create personal data about you, such as records of your interactions using our site and details of your account transactions if relevant.

Data received from third parties

From time to time we may receive information about you from third parties. These may be media partners, exhibitions, conferences, suppliers & other business partners. It is also possible that third parties with whom we have had no prior contact may provide us with information about you. Generally, this information will be your name and contact details, but may include additional information about you that they provide to us.

In some circumstances we will have a legitimate reason for processing the data even if you have not consented to sharing it, e.g. to fulfil an order process; where you have infringed (or potentially infringed) any of our legal rights; fraud prevention, etc.

If we receive information about you from a third party in error and/or we do not have a legal basis for processing that information, we will delete your information.

How will we use your data?

D2i collects your data:

  • To fulfil your request for information.

  • To fulfil any contractual or pre-contractual obligations, for example, the supply of goods and services, whether for a fee or not.

  • To fulfil any obligations under our sub-contract with a third party.

  • To pay you or request payment for goods and services supplied.

  • To ensure that our website, marketing emails or other communications are delivering valid and relevant content.

  • Running and managing our business effectively and within the law.

  • To prevent fraud or other criminal activity.

What is our legal basis for processing your data?

In line with the processing conditions set out under GDPR, D2i will process your data under one lawful condition:

It is necessary for the purpose of our legitimate business interests (except if those interests are overridden by the interests, rights or freedoms of the data subjects which requires protection).

D2i will review all data processing regularly to ensure that our interests are not overridden by those of the data subjects.

In all cases data subjects have a number of rights which can be exercised regarding their data (see below, 'What are your individual rights?').

If we share your information (see below, 'Who else receives your information?'), it is on the basis of this same lawful condition.

What are your individual rights?

Under GDPR and the method of lawful consent which we are using to process your data, you have the following rights:

  • The right to be informed about the collection and use of your data - This privacy notice informs you about the collection & use of your data. It is available on our website and you may request a written copy of the notice.

  • You have the right to request access to your personal data - Make a request for access, verbally or in writing.

  • You have the right to rectification if you believe the personal data we hold is inaccurate - Make a request for rectification, verbally or in writing.

  • Right to erasure (right to be forgotten) or to restrict processing - Make a request verbally or in writing. In some circumstances, e.g. order fulfilment, to comply with HMRC or similar, immediate erasure will not be possible. In this case you will be informed of the reasons.

  • Right to object - You have an absolute right to object to your data being used for direct marketing. Our marketing communications utilise easily found ‘opt-out’ buttons for this reason. Alternatively you may make an objection verbally or in writing.

  • Rights relating to Automated Decision Making - We use Data Profiling on our website (see our use of automated profiling) below. We only use data profiling as part of our marketing operations – which you may opt out of as explained above - we do not use it for any other automated decision making process.

Who else receives your data?

We share your data with a number of third parties in order to supply you with our services. These are our data processors, and we have contractual processing agreements in place with them that are reviewed on a regular basis. Only adequate, relevant and limited information is used for each purpose. Key data processors are:

Other business partners

Where we have legitimate business interests, the personal data we have collected from you may be transferred to other companies outside the UK and the European Economic Area. We impose contractual obligations with these companies to ensure that our legitimate interests are not overridden by your interests, rights or freedoms. Examples of this would include:

  • Where you have expressed an interest in purchasing goods and services and you are based in a territory where we work alongside a third-party distributor who would be responsible for sales & support in that territory.

  • To prevent fraud, cyber-crime, or other criminal activity.

  • In connection with the enforcement of our legal rights, e.g. debt collection, copyright or patent infringement etc.

  • If required by law or otherwise needed in connection with legal proceedings.

  • Any successor to all or part of our business.

How long will we keep your data?

We will retain your personal data only for as long as is necessary in connection with the purposes set out in this notice, unless applicable law requires a longer retention period (i.e. to comply with HMRC requirements or to defend/exercise any legal rights).

If there is no legislative requirement to retain your data, and you are not a customer of D2i, we will typically delete your personal data three years after your last contact with us.

Where is your data stored and how is it secured?

We take appropriate technical & organisational measures to secure your personal data and to protect it against unauthorised or unlawful use and accidental loss or destruction. These include:

  • Secure company servers.

  • The use of multi-level password protection.

  • Data encryption where appropriate.

  • Limiting access to data through appropriate authorisation & permission settings.

  • A robust IT policy that is reviewed regularly.

  • Secure sockets layer (SSL) technology on our website.

Transmission of information to us by email

Transmission of information over the internet may not be entirely secure. If you submit personal data to us in this way you do so entirely at your own risk, and D2i is not responsible for any liabilities, costs or any other form of loss suffered by you as a result of this decision.

Transfer of your personal information outside the European Economic Area (EEA)

Data that we share with key data processors listed above is stored on servers within the European Economic Area, apart from that stored by Google Inc., which is stored in the United States of America. Currently, USA is not subject to an adequacy decision by the European Parliament; however, Google has self-certified its compliance with the EU-US Privacy Shield, which is an approved mechanism under GDPR.

Data that is shared with other business partners may be shared outside the EEA where it is required for our legitimate business interest as detailed above (see 'Who else receives your data?').

Cookies and similar technologies

A ‘cookie’ is a data file that is sent from a website you visit to a browser to record information about users for various purposes.

We use cookies and similar technologies on our website, including essential, functional, analytical and targeting cookies and web beacons. 

You can reject some or all of the cookies we use on or via our website by changing your browser settings, but doing so can impair your ability to use our website or some (or all) of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org.

Notice updates

Please note that this privacy notice is reviewed periodically and may be amended from time to time. We will update this notice accordingly with a new effective date stated at the beginning of it.

If we make major changes to our privacy notice or intend to use your data for a new purpose other than the purposes for which we originally collected it, we will notify you by posting a notice on our website.

Complaints

We’d like the chance to resolve any complaints you have, but you also have the right to complain to the UK data protection regulator (the ICO) about how we have used your personal data.