Privacy Policy

This Privacy Notice is provided by Eyebio Limited (Eyebio, ‘we‘ or ‘us‘). We are a ‘controller’ for the purposes of the UK General Data Protection Regulation incorporated by the UK’s Data Protection Act 2018 (collectively referred to as the “Data Protection Laws“). We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.

This Privacy Notice applies when you visit or interact with our website at eyebiotech.com or when you contact us to enquire

How to contact us

If you have any questions about this Privacy Notice, how we handle your personal data, or would like to exercise any of your rights, please contact us through the ‘Contact Us’ form.

Changes to the Privacy Notice

The latest version of the Privacy Notice can be found here on our website at Eyebiotech.com We may change this Privacy Notice from time to time. We will alert you on our website when changes are made.

WHAT PERSONAL DATA WE COLLECT AND WHAT WE USE IF FOR:

We may collect, use, store and transfer different kinds of personal data about you which we have been provided with as follows:

Direct Interactions: You may give us your personal data (including name and email address) by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you send us an enquiry, give us feedback or contact us.
Information automatically collected when you use our website: As you interact with our website, we will automatically collect information about your device, browsing actions and patterns, IP address, time zone and some of the cookies that are installed on your device (“Device Information”). We collect this personal data by using cookies, server logs, web beacons, tags, pixels and other similar technologies Please see our cookie policy for further details.

HOW WE KEEP YOUR PERSONAL DATA SECURE:

We implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.

WHY DO WE PROCESS YOUR PERSONAL DATA:

We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section ‘How is processing your data lawful‘ for further detail)

Type of data	Why do we need it?	Lawful basis for processing
Direct interactions	To communicate with you and respond to your enquiry.	Legitimate Interests
Device Information	To improve and optimise our website for example, by generating analytics about how our customers browse and interact with the website, and to assess the success of our marketing and advertising campaigns.	Consent

HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL:

We are allowed to process your personal data based on the following legal bases for the purposes explained in this Website Privacy Notice:

Legitimate Interests – We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section “Why do we process your personal data” explains the personal data processed on this basis.

You can object to processing that we carry out on the grounds of legitimate interests. See the section headed “Your Rights” to find out how.
Consent – Sometimes we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.

ORGANISATIONS THAT WE MAY SHARE YOUR DATA WITH:

We use processors to support our IT systems and operate our website, such as website hosting.. Some of these service providers will process your data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. If you would like to know the names of our other service providers, please contact us (see section “How to Contact Us“).

RETENTION AND DELETION OF YOUR PERSONAL DATA:

We only retain your personal data for as long as we need it by law. The following categories of personal data will be kept for the following periods and will be securely deleted/ destroyed after the expiry of the retention period:

Data we process	How long this will be held for
Device Information (cookies/analytics data)	Cookie Policy
Information from enquiry forms should read ‘Contact us’ form	Until the enquiry has been completed and no further responses are received for a reasonable period.

YOUR RIGHTS:

As a UK data subject, you have the following legal rights under the Data Protection Laws in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see “How to contact us“). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response

Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Laws.

YOUR DATA PROTECTION RIGHTS	WHAT DOES THIS MEAN?
1. Right of access	You have the right to obtain access to your personal data we process and certain other information (similar to that provided in this Privacy Notice). This is so you are aware and can check that we are using your information in accordance with Data Protection Laws. You may ask for: A copy of your information; Details of the purpose for which it is being processed; Details of the recipients or classes of recipients to whom it is or could be disclosed, including if they are overseas and what protections they have in place; The period for which it is held (or the criteria which determines this); Any information available about the source of the data; and Whether we carry out any automated decision-making or profiling, and where we do information about the logic involved and the outcome or consequences of that decision or profiling. To help us find the information, please give us as much information as possible about the type of personal data you would like to see.
2. Right to rectification	You are entitled to have your information corrected if it is inaccurate or incomplete. If you would like us to do this, please contact us (see section “How to Contact Us“).
3. Right to erasure	This is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where: You do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice; If you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data; You object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or Your data has been processed unlawfully or have not been erased when it should have been.
4. Right to restrict processing	You have rights to ‘block’ or suppress further use of your information. When processing is restricted we can still store your information, but may not use it further. You may request that we stop processing your personal data temporarily if: You do not think your data is accurate. We will start processing again once we have checked whether or not the data is accurate; The processing is unlawful but you do not want to erase your data; We no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or You have objected to the processing because you believe that your interests should override [the companies] legitimate interests.
5. Right to object to processing	You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing.
6. Right to withdraw consent	If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, that does not mean anything we have done with your personal data with your consent up to that point is unlawful.) Please contact us (see “How to contact us” section) if you want to withdraw your consent.

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice. If you do not think that we have processed your data in accordance with this Privacy Notice, you should let us know as soon as possible. You also have the right to complain to the Information Commissioner’s Office (ICO). Information about how to do this is available on its website at www.ico.org.uk.