Thank you for visiting our website www.cherwell-labs.co.uk (the Site). This Notice sets out the basis on which any personal data provided to us by you, or received by us from third parties, will be used by us.
Please read this Notice carefully and ensure that you understand our rights and responsibilities under it.
We are Cherwell Laboratories Limited, a company registered in the United Kingdom under number 01159518, whose registered offices are at 7 & 8 Launton Business Centre, Murdock Road, Bicester, Oxfordshire, OX26 4XB. We are the data controller of personal data provided to us and are registered as a data controller with the ICO under registration number Z1984086. We have appointed a Data Protection Manager who is responsible for addressing data protection matters, including any questions you may have in relation to this Notice. You can contact our Data Protection Manager at firstname.lastname@example.org
Full details are set out in the relevant sections of this Notice below, but in summary:
we generally receive personal data relating to you directly from you. For example, we will receive that data if you contact us through the Site or otherwise, or if we do business with you;
personal data may occasionally be provided to us by third parties with whom each of you and us have some form of relationship. For example, if we do business with your employer then they might provide us with your contact details;
we use your data to improve our Site, conduct our business, keep appropriate records and meet our legal obligations;
we only provide your personal data to third parties for our limited business purposes or as permitted by law. We don’t share your data with third party advertisers;
we store data for specified periods for our limited business purposes;
you have certain rights, prescribed by law, in relation to the processing of your data, such as rights to request access, rectification or deletion of your personal data;
you can contact us to enquire about any of the contents of this Notice.
1.1 In this section we have set out:
(a) the general categories of personal data that we may process;
(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing. When we refer to a “legal basis”, we mean a lawful basis set out in Article 6 of the General Data Protection Regulation (GDPR) under which we conduct the relevant processing.
Personal data we obtain from you
1.2 We may process data about your use of the Site (usage data). This may include your geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use. It may also include conversion tracking information in relation to our social media posts (which tells us how many people have clicked through to our website from those posts). This data is aggregated and anonymised in such a way that it contains no information relating to any identifiable individual at all: it’s not actually personal data but we mention it in this Notice for the sake of completeness. We process usage data for the purpose of improving our Site or social media posts.
1.3 We may process personal data contained in or relating to any communication that you send to us, whether through the Site, by email, or otherwise. We may also process personal data which you have provided to us so that we can correspond with you: for example, if you give us your business card at an exhibition. All of this together is correspondence data. This may include the communication content and metadata associated with the communication, as well as any contact details you provide to us such as your name, email address, phone number, job title or address. We process correspondence data for the purposes of communicating with you and record-keeping. If you are a customer of ours, or have indicated your interest in our products, services or business, then we may also process correspondence data for the purposes of addressing your enquiry and providing you with occasional news about our products and services. Finally, we may use conversion tracking in relation to some of our email communications (such as newsletters and promotional emails) – this will record whether a recipient has opened an email sent by us, or whether they have clicked through to any of the links in it.
1.4 If we do business with you or your organisation, whether as a supplier or a customer, then we may process personal data such as your contact details for the purposes of setting up an account in our systems. We may also process personal data within all account-related correspondence and documents such as proposals or contracts, whether created by us or provided to us. We call all of this account data, and we process it for the purposes of providing our products and services, purchasing products and services, and account administration and record-keeping.
1.5 We may process personal data relating to transactions, such as bank account details, contact details or transaction data in relation to payments made by us to you or by you to us (transaction data). This may include your contact details, any bank account or sort code information provided for the purposes of making payment, and the transaction details (such as POs or invoices). The transaction data may be processed for the purpose of supplying or receiving the relevant products or services, making and receiving payments and record-keeping.
1.6 We may process personal data relating to any visit you make to our premises, such as your vehicle registration number, contact details, role, the purpose of your visit or your movements around our site. We call all of this visitor data and we will process it for the purposes of ensuring your visit is properly recorded and is safe.
Social media data
1.7 If you respond to or otherwise interact with our social media posts (for instance, “liking” a post on LinkedIn) then we may process data about that interaction, such as any response posted by you, your social media ID, and the nature of your response (e.g. that it was a “like”). We call this social media data. We will process it for the purposes of improving our social media posts and potentially for communicating with you.
Personal data we obtain from others
1.8 Your personal data may be provided to us by someone other than you: for example, by your employer, by an organisation with whom you and we are both dealing or by someone who wishes to refer you to us or vice versa. Normally this data will be correspondence data or account data as described above and will be processed by us for the purposes described above.
Our legal basis of processing
1.9 We will process personal data only on lawful bases. In particular, we will process personal data on the following lawful bases identified in Article 6 GDPR:
(a) for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you (Article 6(1)(b) GDPR). This may be our basis for processing correspondence data, account data, transaction data or visitor data;
(b) for our legitimate interests (Article 6(1)(f) GDPR). This may be our basis for processing:
i) correspondence, account, social media and visitor data (as we have an interest in properly administering our business and communications, and in developing our business with interested parties);
ii) transaction data (as we have an interest in making and receiving payments promptly and in recovering debts);
iii) any personal data identified in this Notice where necessary in connection with legal claims (as we have an interest in the protection and assertion of our and your legal rights and the legal rights of others); and
iv) any personal data identified in this Notice in connection with backups of any element of our IT systems or databases containing that personal data (as we have an interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data).
1.10 We may also process any of your personal data where necessary for compliance with a legal obligation to which we are subject (Article 6(c) GDPR), or in order to protect your or another individual’s vital interests (Article 6(d) GDPR).
2.1 We may disclose your personal data to our insurers and/or professional advisers as necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
2.2 We may disclose personal data to our suppliers or subcontractors or approved distributors in connection with the uses described above. For example, we may disclose:
(a) any personal data in our possession to suppliers which host the servers on which our data is stored;
(b) social media data and correspondence data to the provider of our hosted customer relationship management system;
(c) transaction data and billing contact details to our accountants; and
(d) transaction data and other relevant personal data to third parties for the purposes of fraud protection, credit risk reduction and debt recovery.
(e) correspondence data to our approved distributors in your territory in order to address your enquiry.
2.3 We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and applicable law.
2.4 We may also disclose your personal data where necessary for compliance with a legal obligation to which we are subject, or in order to protect your or another individual’s vital interests.
2.5 If any part of our business or operations is sold to, transferred to, or integrated with, another organisation (or if we enter into negotiations for those purposes), your personal data may be disclosed to that organisation.
3.1 In this section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
3.2 Some of the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made to countries in respect of which the European Commission has made an “adequacy decision”, or otherwise will only be made with appropriate safeguards, such as the use of standard data protection clauses adopted or approved by the European Commission or the use of the EU-US Privacy Shield. You may contact us if you would like further information about these safeguards.
3.3 We may also transfer personal data outside the EEA from time to time:
(a) with your consent;
(b) at your request (for example, if you ask us to introduce you to one of our distributors outside the EEA); or
(c) if our personnel take mobile devices with them when travelling outside the EEA.
4.1 We have put in place appropriate security measures to prevent your personal data from being lost, used, accessed, altered or disclosed by accident or without authorisation. In addition, we limit access to your personal data to those officers, employees and contractors who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
4.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
5.1 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
5.2 We will retain and delete your personal data as follows:
(a) usage data which is anonymised (and therefore not personal data) may be retained by us indefinitely;
(b) correspondence data or social media data which relates only to enquiries and not to a business relationship will be retained for the period of the enquiry or chain of correspondence and then deleted after approximately thirty-six months (we keep the data for this period due to the length of our sales cycle);
(c) account and transaction data, and correspondence data relating to our business relationship with you, will be retained for approximately six years after the end of the relevant business relationship.
5.3 We may retain your personal data where necessary for compliance with a legal obligation to which we are subject, or in order to protect your or another individual’s vital interests.
We may update this Notice from time to time by publishing a new version on the Site. You should check occasionally to ensure you are happy with any changes to this Notice, although we will notify you of material changes to this Notice using the contact details you have given us.
7.1 We have summarised below the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. You can read guidance from the Information Commissioner’s Office at ico.gov.uk for a fuller explanation of your rights.
7.2 Your principal rights under data protection law are:
(a) the right to access: you have the right to confirmation as to whether or not we process your personal data and, where we do, to access to the personal data, together with additional information including details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee;
(b) the right to rectification: you have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed;
(c) the right to erasure: in some circumstances you have the right to the erasure of your personal data. These might include if the personal data are no longer needed for the purposes for which they were processed or if the processing is for direct marketing purposes. However, there are some exclusions of the right to erasure, such as where processing is necessary for compliance with a legal obligation or in connection with legal claims;
(d) the right to restrict processing: in some circumstances you have the right to restrict the processing of your personal data. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except in the case of processing permitted by applicable law (for example, in connection with legal claims or for reasons of public interest);
(e) the right to object to processing: you have the right to object to our processing of your personal data on the basis of the legitimate interests pursued by us or by a third party. If you make such an objection, we will stop processing the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing is for legal claims. You also have the right to object to our processing of your personal data for direct marketing purposes and if you do so we will stop processing your personal data for that purpose;
(f) the right to data portability: if the legal basis for our processing of your personal data is consent, or the performance of a contract with you, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others; and
(g) the right to complain to a supervisory authority: if you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
7.3 You may exercise any of your rights in relation to your personal data by written notice to us.
8.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
8.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
8.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
8.5 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can obtain up-to-date information about blocking and deleting cookies at aboutcookies.org or at the support pages made available by your browser operator.
You can contact us:
(a) by post at 7 & 8 Launton Business Centre, Murdock Road, Bicester, Oxfordshire, OX26 4XB;
(b) using the contact form on the Site;
(c) by telephone at +44 (0)1869 355500; or
(d) by email at email@example.com
10.1 The Site may contain links to third party websites or refer to third party service providers and other entities. If you follow a link to any third-party website or deal with any third-party entity referred to on the Site, then you should note that these third parties may have their own privacy and cookie policies, and that we are not responsible for their use of any personal data which you may provide to them. You should ensure that you have read and understood any relevant policies.
10.2 Although we do our best to ensure the security of personal data provided to us (and to use only reputable service providers), any transmission of data via the Internet is by its nature insecure and we cannot guarantee the security of any personal data you provide to us.
Last Updated: 9th May 2018
Redipor® is a registered trademark of Cherwell Laboratories Ltd.
Cherwell Laboratories logo and name is a registered trademark of Cherwell Laboratories Ltd.
Minncare® is a registered trademark of Mar Cor Purification.
Cherwell Laboratories shall not be liable for any direct, indirect, special or consequential damages arising out of the use of this website or the reliance on information in it. The content of this paragraph and its disclaimers and exclusions shall apply to the maximum extent permissible by applicable laws. Any rights not expressly granted herein are reserved.
Cherwell Laboratories have used reasonable care to ensure that the information appearing on this website is accurate and up-to-date. While care has been taken to prevent the occurrence of errors and omissions the user of this website should not take the accuracy of the information for granted. None of the material contained in this website is to be relied upon as a statement or representation of fact.
Cherwell Laboratories have no control over the use to which the information within this website may be put and shall not be liable for any loss or damage either direct indirect or consequential arising out of or in connection with the use of such information. Your statutory rights remain unaffected.
Cherwell Laboratories cannot be held liable for the content of all of the websites to which this website links. Users of this website link to other websites at their own risk and use those websites according to the terms and conditions of use of those websites.
English law and jurisdiction applies with respect to contents of this website.