This Privacy Notice is provided by Eyebio Limited (Eyebio, ‘we‘ or ‘us‘). We are a ‘controller’ for the purposes of the UK General Data Protection Regulation incorporated by the UK’s Data Protection Act 2018 (collectively referred to as the “Data Protection Laws“). We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.
This Privacy Notice applies when you visit or interact with our website at eyebiotech.com or when you contact us to enquire
How to contact us
If you have any questions about this Privacy Notice, how we handle your personal data, or would like to exercise any of your rights, please contact us through the ‘Contact Us’ form.
Changes to the Privacy Notice
The latest version of the Privacy Notice can be found here on our website at Eyebiotech.com We may change this Privacy Notice from time to time. We will alert you on our website when changes are made.
WHAT PERSONAL DATA WE COLLECT AND WHAT WE USE IF FOR:
We may collect, use, store and transfer different kinds of personal data about you which we have been provided with as follows:
- Direct Interactions: You may give us your personal data (including name and email address) by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you send us an enquiry, give us feedback or contact us.
HOW WE KEEP YOUR PERSONAL DATA SECURE:
We implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.
WHY DO WE PROCESS YOUR PERSONAL DATA:
We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section ‘How is processing your data lawful‘ for further detail)
|Type of data||Why do we need it?||Lawful basis for processing|
|Direct interactions||To communicate with you and respond to your enquiry.||Legitimate Interests|
|Device Information||To improve and optimise our website for example, by generating analytics about how our customers browse and interact with the website, and to assess the success of our marketing and advertising campaigns.||Consent|
HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL:
We are allowed to process your personal data based on the following legal bases for the purposes explained in this Website Privacy Notice:
- Legitimate Interests – We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section “Why do we process your personal data” explains the personal data processed on this basis.
You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how.
- Consent – Sometimes we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.
ORGANISATIONS THAT WE MAY SHARE YOUR DATA WITH:
We use processors to support our IT systems and operate our website, such as website hosting.. Some of these service providers will process your data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. If you would like to know the names of our other service providers, please contact us (see section “How to Contact Us“).
RETENTION AND DELETION OF YOUR PERSONAL DATA:
We only retain your personal data for as long as we need it by law. The following categories of personal data will be kept for the following periods and will be securely deleted/ destroyed after the expiry of the retention period:
|Data we process||How long this will be held for|
|Information from enquiry forms should read ‘Contact us’ form||Until the enquiry has been completed and no further responses are received for a reasonable period.|
As a UK data subject, you have the following legal rights under the Data Protection Laws in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see “How to contact us“). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response
Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Laws.
|YOUR DATA PROTECTION RIGHTS||WHAT DOES THIS MEAN?|
|1. Right of access|
You have the right to obtain access to your personal data we process and certain other information (similar to that provided in this Privacy Notice).
This is so you are aware and can check that we are using your information in accordance with Data Protection Laws.
You may ask for:
To help us find the information, please give us as much information as possible about the type of personal data you would like to see.
|2. Right to rectification||You are entitled to have your information corrected if it is inaccurate or incomplete. If you would like us to do this, please contact us (see section “How to Contact Us“).|
|3. Right to erasure|
This is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where:
|4. Right to restrict processing|
You have rights to ‘block’ or suppress further use of your information. When processing is restricted we can still store your information, but may not use it further. You may request that we stop processing your personal data temporarily if:
|5. Right to object to processing||You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing.|
|6. Right to withdraw consent|
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, that does not mean anything we have done with your personal data with your consent up to that point is unlawful.)
Please contact us (see “How to contact us” section) if you want to withdraw your consent.
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
It is important that you ensure you have read this Privacy Notice. If you do not think that we have processed your data in accordance with this Privacy Notice, you should let us know as soon as possible. You also have the right to complain to the Information Commissioner’s Office (ICO). Information about how to do this is available on its website at www.ico.org.uk.